seo-content-brief

Warn

Audited by Snyk on May 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using the belt CLI to run web searches and to "analyze top-ranking content" (e.g., belt app run tavily/search-assistant and belt app run tavily/exa/search and belt app run tavily/extract with public URLs like "https://top-result-1.com/article"), meaning the agent will fetch and interpret open/public third‑party pages whose content directly shapes decisions (SERP analysis, word counts, headings, and content strategy), exposing it to untrusted user-generated or public web content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running the belt CLI's tavily/extract at runtime to fetch and inject external pages (e.g., https://top-result-1.com/article) into the agent's analysis context for SERP analysis, so those runtime-fetched URLs can directly influence prompts and are required for the workflow.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 20, 2026, 01:25 PM
Issues
2
Security Audit — snyk — seo-content-brief