ads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open web and community content (e.g., /ads update generates changelogs that pull WebSearch results and Reddit/Hacker News signals as shown in references/apple-changelog-30d.md) and /ads dna <url> scrapes public websites to build brand-profile.json which downstream agents consume to drive generation and audit decisions, so untrusted third‑party content is read and can materially change tool actions.