seo-links

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (e.g., scripts/link-mine.sh, link-mentions.sh, link-broken.sh, link-prospect.sh) explicitly fetch and crawl public third‑party web pages (via curl) and/or call the DataForSEO public API or web search fallbacks to ingest untrusted user-generated/open-web content, and those fetched pages are parsed and used to choose outreach targets and next actions (e.g., which links to pitch), so external page content can materially influence agent behavior.