agent-media

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires visiting user-provided product URLs and extracting URLs (see "Rule 3" and the SaaS review Step 2: "if they give a URL, visit the site and extract URLs") and accepts arbitrary HTTP/HTTPS --broll-images, so the agent will fetch and interpret untrusted public web content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs visiting user-supplied product URLs at runtime (e.g., via the --product-url flag and examples like https://postiz.com/dashboard-screenshot.png or extracting images from a provided product URL) and using the extracted page/images as context injected into AI script-generation, so external content directly controls the agent's prompts.