google-search-ads-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 workflow explicitly instructs the agent to use web_search and fetch_webpage on competitor sites, mine user reviews from G2/Capterra, scrape Reddit (Apify or site:reddit.com searches), and pull Hacker News posts via the Algolia API—all untrusted, public user-generated sources whose content the agent is expected to read and use to drive keyword/bid decisions.