brightlocal-tool

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md core workflows (e.g., "Citation Audit" and "Review Monitoring") explicitly instruct the agent to pull and interpret citation listings and review feeds from public platforms like Google, Yelp, Facebook, Apple Maps, and other directories (user-generated/open web content), which the agent would read and use to make decisions—exposing it to untrusted third-party content that could carry indirect prompt injection.