brand-onboarding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Phase 1 explicitly instructs using Playwright to navigate to the client's public website (homepage, about/ethos pages) and to https://www.instagram.com/[handle]/ to read and extract content (including reviews/testimonials and profile copy), which are untrusted, user-generated public sources and whose content is used to populate context/brand-style.md and drive downstream decisions and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). This skill uses Playwright at runtime to fetch the operator-provided website URL and https://www.instagram.com/[handle]/ and then extracts and injects that page content to pre-fill the onboarding prompts and generate context/brand-style.md, so external pages directly influence the agent's generated instructions/output.