bmad-agent-marketing-content

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's content-research workflow (references/content-research.md) explicitly instructs the agent to use agent-browser to open and scrape public sites — e.g., Google SERPs, answerthepublic.com, competitor blogs, Reddit, and Quora — and to synthesize those findings into strategy and deliverables, which exposes the agent to untrusted, user-generated third‑party content that can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs installing and using the agent-browser package at runtime via the URL https://github.com/vercel-labs/agent-browser (npx skills add ...), which fetches and executes remote code and is then used to load web content that can be injected into the agent's context, so it meets the conditions for a runtime external dependency that can control prompts/execute code.