icp-website-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and crawl user-provided target URLs and public web results using WebFetch/WebSearch (Process → Step 2: "Crawl Target Pages" and "Use WebFetch" plus external presence checks like G2/Capterra), and then to read and interpret that third‑party content to drive persona evaluations and scoring, so untrusted public content can materially influence the agent's decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses WebFetch to load arbitrary user-provided target URLs (Site: [url]) at runtime and then extracts and injects that fetched page content into the agent's evaluation prompts, so a maliciously-crafted target page could directly control or poison prompts—flagging the user-supplied target URL(s) fetched via WebFetch.