marketing-pipeline-ai-content

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime research step (crawlResearch → “auto-crawls research” from sources like TechCrunch/Twitter/LinkedIn) can ingest outsider-authored web page text into the LLM prompt via createContent where it interpolates config.research into prompt (i.e., fetched public content becomes readable prose in the LLM context).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime crawlResearch step explicitly auto-crawls external sites (e.g., TechCrunch https://techcrunch.com, a16z https://a16z.com, Twitter https://twitter.com, LinkedIn https://linkedin.com) and the fetched research is JSON-injected into the AI prompt (via JSON.stringify(config.research)), so these remote URLs directly control prompt content at runtime.