landing-page-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md Quick Start explicitly instructs using belt app run tavily/search-assistant and related web-search apps to "Research competitor landing pages" and run public web queries (and also exa/answer), which means the agent will fetch and read untrusted public web content that could influence its decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires and invokes the inference.sh "belt" CLI at runtime (https://inference.sh), and uses belt app run to execute remote apps (e.g., falai/flux-dev-lora, tavily/search-assistant) which run remote code and directly control prompt/execution, so this is a runtime external dependency.