geo-technical

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly instructs the agent to fetch and parse arbitrary public URLs (homepage + inner pages), robots.txt, and sitemaps via curl/WebFetch (see "How to Use This Skill", Category 1.1/1.3 and Category 7 detection steps), and the agent is expected to interpret that untrusted web content to make scoring and remediation decisions — which satisfies the conditions for potential indirect prompt injection.