ai-seo-articles

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The orchestrator explicitly instructs live web searches and fetching of competitor pages (prompts/ORCHESTRATOR.md — Phase 0b "Do live SERP sampling" and Phase 1 "RESEARCH BRIEF" step 1–2: web_search and fetch_url) so the agent ingests untrusted, public third‑party content (SERPs, Reddit, competitor pages) which directly informs briefs, tooling choices, and publication decisions, creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The orchestrator's Research step calls fetch_url at runtime to pull competitor pages and uses that fetched content to build briefs and writer prompts (e.g., it will fetch pages like https://code.claude.com/docs), so external web pages are ingested live and directly control agent prompts.