customer-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Mode 2 workflow in SKILL.md and the source playbooks explicitly instruct the agent to call scrapers like scrape_reddit, youtube_comments_search, web_scrape_page/firecrawl_scrape_url, search_tweets, scrape_tiktok_videos, and scrape_instagram_posts to fetch and verbatim-extract user-generated content from public sites (Reddit, YouTube, G2/Capterra, X/Twitter, TikTok, Instagram), which the agent is required to read, synthesize, and act on—meeting all criteria for exposure to untrusted third-party content.