content-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and analyzes arbitrary user-supplied public URLs (e.g., "Step 1: URL Scanning" in Profile Creation: "Fetch each URL using read_url_content") and later re-fetches profile URLs for voice calibration (Phase 3: Execute), meaning untrusted third-party/user-generated content is ingested and directly influences generation decisions and tool actions—exposing the agent to potential indirect prompt injection.