marketing-pipeline-share-ai-content-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). Required runtime path app/api/generate-content/route.ts → crawlRecentNews() fetches public web/news content via RapidAPI (response.data.articles), then extractInsights() turns article.content into readable strings that are concatenated into researchContext and injected into the LLM prompt in generateContent().

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime requests to https://api.rapidapi.com/search to fetch news articles and then injects that fetched content into the model prompts (researchContext → user/system prompt), so remote content from that URL can directly control the agent's outputs.