geo-content

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md "How to Use This Skill" explicitly instructs the agent to "Fetch the target page(s — homepage, key blog posts, service/product pages)," meaning the agent will ingest and interpret arbitrary public website content (homepages, blog posts, product pages) as part of its workflow, which can materially influence scoring and actions and therefore allows indirect prompt injection.