linkedin-post-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow Step 1 (Detect Input Type and Fetch Content in SKILL.md) explicitly instructs the agent to fetch blog/article URLs and GitHub PR URLs and ingest that public, user-generated web content as the source material used to decide post content and subsequent actions, so untrusted third-party pages could carry instructions that influence the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches user-provided web pages at runtime (e.g., it will fetch URLs such as https://vercel.com/blog/how-we-optimized-package-imports-in-next-js and https://martinfowler.com/articles/domain-oriented-observability.html) and injects the retrieved content into the model context to drive prompt generation, so external URLs directly control the agent's prompts and are a required dependency for URL-based inputs.