competitor-intel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and ingest public, user-generated third‑party content (e.g., firecrawl_scrape_url / web_scrape_page for websites, scrape_instagram / scrape_tiktok_videos / scrape_reddit / search_tweets for social media, and search_google_results) as part of its required workflow in SKILL.md and references, and then uses those scraps to drive diffs, briefs, and follow-up actions—so untrusted content can materially influence agent behavior.