press-release-writing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md's "Research & Fact-Checking" section instructs using the inference.sh (belt) CLI to run open-web search apps (e.g., belt app run tavily/search-assistant, exa/search, exa/answer) which fetch public/untrusted web content for fact‑checking that the agent is expected to read and use to influence press‑release content and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires and invokes the inference.sh CLI (https://inference.sh) via belt app run (e.g., belt app run tavily/search-assistant), which runs remote apps/logic at runtime and therefore fetches and executes external code or instructions that can directly control prompts.