marketing-pipeline-automation

Fail

Audited by Snyk on Jun 24, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The URLs themselves are not direct malware binaries, but the GitHub repository is an unvetted personal project that instructs running arbitrary Node.js code (and supplying API keys) locally—this makes it a potentially risky distribution vector for malicious scripts or secret exfiltration, while the localhost and vendor site (ara.so) are low-risk by themselves.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow calls researchTopic(...) with sources like twitter/techcrunch and then feeds the resulting scraped research (including article text/insights/statistics) into the LLM prompt via generateContent (Use the following research data: ${JSON.stringify(researchData)}), so outsider-authored web/social free text is ingested into the agent context.

Issues (2)

CRITICAL E005: Suspicious download URL detected in skill instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Jun 24, 2026, 04:19 PM
Issues: 2
Security Audit — snyk — marketing-pipeline-automation