internal-link-optimizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md workflow explicitly requires "Get the sitemap or sitemap index URL" and the helper script scripts/sitemap_urls.py fetches arbitrary sitemap XML from public URLs, so the agent ingests untrusted public website content (sitemaps and implied page content) which it must read and which directly drives link-selection and recommendation actions.