analytics-tracking-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to crawl and analyze arbitrary public websites (e.g., "Analyzes a website by crawling pages" and the CLI/API examples like npx event-tracking init --url and analyzeSite), then uses that untrusted site content to generate event schemas and drive GTM sync/verify/publish actions, so third‑party page content is read and can materially influence subsequent automated tool actions.