competitor-teardown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and ingest open web and user-generated content (e.g., infsh/agent-browser screenshots of https://competitor.com, tavily/extract on pricing pages, and tavily/search-assistant queries mining G2, Reddit, Product Hunt reviews) which the agent is expected to read and use to drive analysis, exposing it to untrusted third‑party content that could carry indirect prompt injection.