competitor-teardown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs the agent to fetch and ingest public, user-generated web content—e.g., belt app commands using infsh/agent-browser to screenshot arbitrary competitor URLs like "https://competitor.com/pricing" and tavily/extract, tavily/search-assistant, and exa/search to mine G2, Reddit, app stores and other public websites—so untrusted third-party content is read and can materially influence subsequent analysis and actions.