gsp-brand-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly pre-fetches competitor URLs from the BRIEF.md competitive landscape using WebFetch (Step 2.5) and instructs the researcher agent to perform open web research/WebSearch and include the fetched competitor content in the agent context, which exposes the agent to untrusted public third-party webpages that can influence its decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly uses WebFetch at runtime to pre-fetch "each competitor URL or website found in BRIEF.md" and then includes that fetched competitor content in the spawned researcher agent's context, meaning external competitor URLs (the URLs listed in BRIEF.md) are fetched at runtime and directly influence the agent prompt/context.