seo-local-business

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow (SKILL.md Step 1: "Ask for (or extract from existing site)") explicitly instructs the agent to extract content from an existing website URL, meaning it would fetch and read untrusted third-party pages whose content could be interpreted and used to generate meta tags/structured data and thus could carry indirect prompt-injection instructions.