geo-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 3 "Browser validation" and Phase F "AI Citation Testing" explicitly direct the agent to open browser sessions and fetch/inspect user-supplied/public web pages and services (target URLs, /llms.txt, robots.txt, sitemaps, Perplexity, Google) and then use that extracted content to generate analyses, scores, and remediation steps, which clearly ingests untrusted third-party content that can influence subsequent actions.