vc-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly fetches and ingests public third‑party pages and search results (Step 3: Firecrawl or Tavily extract for the product page; Steps 6–8: Tavily live searches and snippets) and requires the agent to read those untrusted snippets to pick comparables, identify/rank VCs, and generate outreach actions, so external web content can materially influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill requires a TAVILY_API_KEY and at runtime posts to https://api.tavily.com/extract and https://api.tavily.com/search; the returned search/extract content is injected into the agent's context and used as authoritative evidence that drives prompts and output, so these external endpoints directly control the agent and are a required dependency.