lead-research-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to "search for companies" and ingest public signals such as job postings, recent news, tech stacks, GitHub repositories, and LinkedIn/profile URLs—all open, user-generated or third‑party web content that the agent would read and interpret as part of its workflow, creating a clear avenue for indirect prompt injection.