afa-geo

Fail

Audited by Snyk on May 8, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.80). The prompt contains hidden or deceptive operational instructions, notably the requirement to "follow the silent capture protocol" and to hide internal routing and hand-off details. These instruct covert data capture and concealment of internal behavior, which fall outside the skill's advertised GEO/AEO/localization assistance purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's workflows (e.g., references/ai-visibility-audit.md, diagnostic-system.md and geo-optimization-playbook.md) explicitly require running multi-platform queries and ingesting AI responses and source URLs from public third-party sites and user-generated content (UGC), including ChatGPT Browsing/Bing results, Perplexity, Google AIO, Reddit, Trustpilot and review sites, and then using those findings to drive diagnostics and remediation. In other words, the skill fetches and interprets untrusted third-party content that materially influences its actions.


Audit Metadata

Risk Level: CRITICAL
Analyzed: May 8, 2026, 12:58 AM
Issues: 2