seo-flow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill can pull and load prompt files from the public GitHub repository via the /seo flow sync step (github.com/AgriciDaniel/flow) and runtime-loads files under references/prompts/ (and uses them to drive find/leverage/optimize/win analyses), so externally‑hosted, user-editable content is read and directly influences the agent's prompts and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's /seo flow sync command runs a Python sync script that pulls the prompt files at runtime from github.com/AgriciDaniel/flow, and those fetched prompt files directly control the agent's prompts and are a required dependency, so the external GitHub URL is a high-risk runtime dependency (github.com/AgriciDaniel/flow).