seo-content-marketing-skill-factory

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The GitHub repository is hosted under an unfamiliar username (possible fork/mirror) and the skill instructions involve cloning and installing code locally—while neither URL links to a direct executable, installing unreviewed code from an untrusted GitHub user and a short .so domain (ara.so) carries a moderate-to-high risk of hidden malicious scripts or supply-chain abuse unless you inspect the repo and verify the domain first.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly crawls and analyzes open/public websites and search results — e.g., /content-audit, /technical-seo, /competitor-gap, /content-brief (analyzing "top-ranking" competitor pages and SERP data) — meaning the agent ingests untrusted third-party web content that can materially influence its audits, briefs, and follow-up actions.