content-refresh-system

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the auditor/agent to pull and inspect public web content (e.g., "Pull data: ... target-keyword SERP samples" in SKILL.md and "Pull the current SERP for each target keyword. Read the top-ranking pieces" in references/refresh-signals-checklist.md), which requires fetching and interpreting untrusted third-party pages whose content could materially influence refresh decisions and tool actions.