seo-competitor-pages

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Outsider free text can enter the LLM context via step 5: WebFetch “pull the top 3 SERP winners' markdown” (public web pages authored by third parties), and step 5 (Firecrawl) further extracts readable text/metadata/JSON-LD from those same third-party pages.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly performs runtime WebFetch calls to the top-3 SERP winners' URLs (i.e., arbitrary external competitor page URLs fetched at runtime via WebFetch) and uses the fetched markdown/JSON-LD to directly shape the agent's output, so those external URLs are runtime dependencies that control prompts.