ads-funnel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Execution Flow and Rules explicitly require fetching the business website with WebFetch ("Fetch the business website" in Execution Flow step 1 and "ALWAYS fetch the website" in Rules), meaning it ingests arbitrary public/untrusted site content and uses that content to determine business type, offers, and to drive platform/creative/retargeting decisions—allowing third-party content to materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill ALWAYS fetches the user-supplied business website URL via WebFetch (the passed to /ads funnel) at runtime and uses that fetched content to directly shape prompts/instructions for the generated funnel, so the external site controls agent behavior.