ai-content-pipeline-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime “Auto-research” path crawls external sources (e.g., TechCrunch/Twitter/LinkedIn via RapidAPI and other scraping) and then feeds the fetched page/message text into the LLM for analysis/writing, which is outsider-authored free text.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's research module explicitly crawls real-time sources (e.g., TechCrunch via the RapidAPI endpoint referenced as process.env.RAPIDAPI_TECHCRUNCH_ENDPOINT) at runtime and injects that fetched research data into generateArticle/researchData which directly controls the AI prompts, so the RapidAPI/TechCrunch endpoint is a runtime external dependency that influences prompts.