afa-seo

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). Yes — the prompt includes a "silent capture protocol" instruction to append learnings to persistent storage (learnings.jsonl) without user-visible disclosure, which is a hidden/deceptive data-capture directive outside the skill's advertised SEO task.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly requires fetching and interpreting open-web content (e.g., using store_url for site audits, SERP/PAA extraction, competitor checks via Ahrefs/SimilarWeb, Google tools, and social media sources) as shown in SKILL.md Phase 1 and in references/keyword-research-engine.md and references/diagnostic-system.md, which means untrusted, user-generated third‑party content can be ingested and influence subsequent decisions and actions.