seo-content-brief

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "SERP Analysis Process" explicitly instructs running belt apps like tavily/search-assistant and tavily/extract to fetch and analyze top-ranking URLs (e.g., "https://top-result-1.com/article"), meaning the agent ingests open/public web content and uses it to drive decisions about format, topics, and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill explicitly instructs runtime use of the inference.sh "belt" CLI (e.g., "belt app run tavily/search-assistant") which pulls and runs remote apps from https://inference.sh that can execute code or supply prompts and are relied on by the skill, so the external URL https://inference.sh is a runtime dependency that can directly control instructions.