geo-llms-txt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 4 "Content Analysis" and related generation steps) instructs the agent to discover and ingest site content — e.g., globbing/crawling pages (Next.js/Nuxt/Astro/SvelteKit/vanilla HTML), crawling web root, prompting for a base domain, and embedding full-page markdown into llms-full.txt — which clearly has the agent fetch and interpret arbitrary public/user-generated website content as part of its core operation.