lovstudio-find-logo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's script and SKILL.md explicitly fetch and scrape public third-party sources (Clearbit, the brand homepage's og:image / link rel=icon via scripts/find_logo.py and the "Sources probed" / "Workflow" sections in SKILL.md) and also instruct the agent to perform WebSearch fallbacks and follow press-kit pages, meaning untrusted public website content is ingested and used to drive selection and subsequent actions.