market-share-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill calls external APIs at runtime (NexScope proxy for Jungle Scout SOV, Amazon search, and Keepa) and then injects the returned brand/product text fields (e.g., brand names, ASIN/product titles) into the LLM context via the script’s JSON/markdown report output that the agent forwards to the LLM; these texts are outsider-authored (public marketplace/vendor-derived) and not user-chosen.