seo-content-brief
Warn
Audited by Snyk on May 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using the belt CLI to run web searches and to "analyze top-ranking content" (e.g.,
belt app run tavily/search-assistantandbelt app run tavily/exa/searchandbelt app run tavily/extractwith public URLs like "https://top-result-1.com/article"), meaning the agent will fetch and interpret open/public third‑party pages whose content directly shapes decisions (SERP analysis, word counts, headings, and content strategy), exposing it to untrusted user-generated or public web content that could carry indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running the belt CLI's tavily/extract at runtime to fetch and inject external pages (e.g., https://top-result-1.com/article) into the agent's analysis context for SERP analysis, so those runtime-fetched URLs can directly influence prompts and are required for the workflow.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata