local-schema

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs validating and extracting JSON-LD from public websites using tools like Google Rich Results Test and browser DevTools (including a note about web_fetch/curl stripping tags), which requires fetching and interpreting untrusted public web pages (and linked social/review pages) as part of the workflow.