company-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs browse cloud search and fetches public pages via node scripts (see SKILL.md Step 1/Step 3, the Research subagent rules, and scripts/extract_page.mjs which uses browse cloud fetch and browse get markdown) to ingest sitemaps, homepages, job posts and third‑party search results and then uses that parsed content to populate product_description, score ICP fit, and drive downstream actions, so untrusted web content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches arbitrary external company pages at runtime (e.g., browse cloud fetch --allow-redirects "{company_website}/sitemap.xml" and node {SKILL_DIR}/scripts/extract_page.mjs "https://acme.com"), and that fetched page content is injected into subagent processing and prompts—so remote webpages can directly control model inputs and are a required runtime dependency.