website-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md Phase 2 "Full Site Crawl" requires the agent to fetch and "read every word" of a user-provided website and follow internal links, meaning it ingests arbitrary public/untrusted web content (the provided URL and linked pages) that directly influences audit decisions and actions.