geo-report-pdf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow says that if the user provides a URL it must "invoke the geo-audit skill for that URL" and then parse the resulting markdown audit reports (i.e., content derived from arbitrary public websites) to build the JSON used to generate the PDF, meaning the agent ingests and acts on untrusted third-party web content.