market-analysis

Fail

Audited by Snyk on Apr 7, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The prompt includes explicit, out-of-scope requirements (e.g., "MUST search codebase for 3+ similar patterns" and "cite file:line evidence for every claim") that are unrelated to market analysis and could prompt access/exfiltration of internal code or files, so it contains deceptive instructions outside its stated purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow (Step 2 "Competitive Research" and related tables in SKILL.md) explicitly requires WebSearch and ingestion of company websites, product pages, reviews/customer complaints and other public web sources, which the agent is expected to read and use to drive market sizing, SWOT and recommendations — exposing it to untrusted third-party content.

Issues (2)

  • E004 (CRITICAL): Prompt injection detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Apr 7, 2026, 02:13 AM
  • Issues: 2