company-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs open-web discovery and ingestion (e.g., bb search in SKILL.md Step 3 and the scripts/extract_page.mjs which uses bb fetch and falls back to bb browse on arbitrary discovered URLs) and then requires the agent to read and synthesize that untrusted, user/third‑party website content to score ICP fit and drive downstream actions, creating a clear path for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches arbitrary target sites at runtime (e.g., via node {SKILL_DIR}/scripts/extract_page.mjs which calls bb fetch/bb browse on URLs like https://acme.com and https://acme.com/sitemap.xml), and that fetched page content is injected into subagent outputs and used to populate prompts/fields (product_description, icp_fit_reasoning), so remote content directly controls the agent's outputs.