seo-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and inspects user-specified public websites (see Phase 2 "Target URL" and Phase 3 "Analyze" which requires new_session/inspect_page and fetching robots.txt, sitemap.xml, og:image URLs, and JSON-LD), so the agent will ingest and act on untrusted third‑party web content that could carry injected instructions.