lead-intelligence

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (e.g., SKILL.md and agents/enrichment-agent.md and agents/signal-scorer.md) explicitly fetches and ingests open/public third‑party content via Exa (web_search_exa), X API, WebSearch/WebFetch and LinkedIn browser access (public tweets, profiles, webpages, press releases) and then uses that content to score, rank, and generate outreach, so untrusted user-generated web content can materially influence agent decisions.