agency-quick

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Execution Flow (Step 1 — "Fetch the Homepage") explicitly instructs the agent to use WebFetch on an arbitrary target URL and "Extract a comprehensive business analysis from this page," so the agent will fetch and act on untrusted public web content (the provided homepage), which can materially influence scoring and decisions and thus enables indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly uses WebFetch at runtime to retrieve arbitrary user-supplied webpages (e.g., https://www.acmeplumbing.com) and injects that fetched page content into the model prompt to drive the entire analysis, so the external URL content directly controls agent behavior and is a required runtime dependency.