geo-optimizer

Warn

Audited by Snyk on Jun 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The required runtime workflow includes a URL mode in which the agent uses web_fetch to retrieve the body text and headings of public web pages (outsider-authored free text) and then ingests that text into the LLM for auditing and rewriting.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill calls web_fetch at runtime to retrieve an arbitrary user-provided web page. The fetched page content is injected into the agent's context and used to drive the rewrite/audit outputs, so the external URL directly controls the agent's prompts/behavior.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 19, 2026, 08:04 AM
Issues: 2