competitor-price-monitor
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill uses WebFetch to fetch and parse arbitrary public competitor pricing pages (e.g., user-provided URLs like https://n8n.io/pricing, https://zapier.com/pricing) and then analyzes that third-party page content directly with a prompt template. This exposes the agent to untrusted external content that could carry indirect prompt-injection payloads.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly uses WebFetch at runtime to retrieve competitor pricing pages (e.g., https://n8n.io/pricing, https://zapier.com/pricing, https://make.com/pricing, https://pipedream.com/pricing) and injects the fetched page content into the model prompt for analysis. Content served from those runtime-fetched URLs can therefore directly influence the agent's instructions and outputs, which presents a prompt-injection risk.
Audit Metadata