outreach-automator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/discover.sh and scripts/enrich.sh, invoked by scripts/campaign.sh and documented in README.md/SKILL.md) use the gh CLI to fetch public, user-generated GitHub data (repo search results, user profiles, repos, events) and explicitly instruct feeding that enriched JSON to an LLM to draft and send outreach, so untrusted third-party content is read and can directly influence agent decisions/actions.