seo-tech-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses live, public third‑party site content (HTML/markdown and page data) via external crawlers/APIs (Firecrawl, DataForSEO, Ahrefs MCP) and additionally retrieves robots.txt, sitemap.xml, and llms.txt as part of the required ingestion/workflow (see "Path B: API-based crawl" and "Post‑Crawl Enrichment" in references/api-crawling.md and the Phase 1 ingestion steps), so untrusted web content is read and acted on during analysis.