domain-hunter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Steps 2–3 and the examples) explicitly tells the agent to perform WebSearches and ingest content from public third‑party sites (e.g., tld-list.com, tldes.com, Twitter/X, Reddit) and to use those external prices and promo codes to drive registrar recommendations and purchase actions, which exposes it to untrusted, user‑generated content that can materially influence behavior.