ai-marketing-claude-code-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the SKILL.md explicitly instructs the agent to fetch and ingest content from public, user-generated sources (e.g., the "last30days" and "reddit-insights" skills that search Reddit, X and the web, the "youtube-summarizer" that fetches public transcripts, and direct URL use like "Use the homepage-audit skill on https://example.com"), and the configuration mentions REDDIT_API_KEY and SERP_API_KEY, so untrusted third-party content is read and used to drive decisions.