geo-fix-content

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Phase 1 workflow explicitly accepts a URL and "Fetch the page HTML" to extract and analyze main content (SKILL.md — "If a URL is provided: Fetch the page HTML"), meaning it ingests arbitrary public web pages and interprets them to drive paragraph-level rewrites and validation, which can be influenced by attacker-controlled content—so it clearly exposes the agent to untrusted third-party content that could enable indirect prompt injection.