seo-sxo

Warn

Audited by Snyk on Jun 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Free text written by outsiders is ingested via runtime SERP scraping: step 2 calls DATA_getSerpResults / DATA_getSerpTaskAdvancedResults to fetch the top-10 result titles and snippets (public web content authored by others), which the skill then includes in 01-serp-snapshot.md and uses for dominant-pattern detection and persona scoring.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches arbitrary external pages at runtime (the user-provided target page URL and the top-3 SERP winner URLs fetched via WebFetch and mcp__firecrawl_scrape), and injects that remote page content into the agent context to drive classification and recommendations, so those runtime URLs directly control the agent's prompts/analysis.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Jun 17, 2026, 07:04 AM
  • Issues: 2