viral-replicator
Warn
Audited by Snyk on May 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public social posts and review pages at runtime (see scripts/fetch-ig-post.mjs, scripts/scrape-g2-reviews.mjs, and the SKILL.md Path A/Path B flows). It then reads captions, on-screen text, comments, and reviews to drive deconstruction, clustering, and downstream actions (prompts/deconstruct-viral.md even instructs the agent to look at comments), so untrusted user-generated content can directly influence tool use and next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's runtime scripts fetch user-supplied pages (e.g., https://www.instagram.com/p//, https://tiktok.com/…, https://www.youtube.com/shorts/…, https://www.g2.com/products//, https://www.trustpilot.com/review/…) and write raw-post/raw-reviews JSON, which is injected directly into the skill's prompts (deconstruct-viral.md, review-to-ad.md), so external page content can control the model's inputs at runtime.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).