ad-creative-generation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md Phase 1 explicitly requires calling firecrawl_extract_branding(url="https://...") to fetch a site's logo, screenshot, and brand.screenshot.description and then instructs the agent to read and use that extracted website content (brand.screenshot.description and brand.branding) to drive ad copy and image-generation prompts, so arbitrary public websites can directly influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill calls firecrawl_extract_branding(url="https://example.com") at runtime and then injects the returned brand data (e.g., brand.screenshot.description and reference images) directly into image-generation prompts, so the external website URL (e.g., https://example.com or any user-supplied site) is fetched at runtime and controls the agent's prompts.