content-factory

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Playwright scraper (scripts/fetch-huggingface-trending.mjs) autonomously visits and scrapes public HuggingFace pages (https://huggingface.co/models?sort=trending and individual model pages) and writes raw-trends.json which the required workflow (prompts/niche-mapping.md and prompts/trend-to-carousel.md) explicitly consumes to pick trends and build actionable slides, so untrusted, user-authored web content can directly influence tool choices and generated actions.