directory-submission

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly requires the agent to "search the web for missing product info" and "gather from user's site" (e.g., "When context is missing: Gather from user's site; search the web for pricing, features, competitors, reviews"), meaning it fetches and interprets public third‑party content (reviews, competitor pages, arbitrary URLs) and uses that information to generate submission copy and choose actions.