classify-leads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill includes scripts that read external Google Sheets (scripts/read_sheet.py) and feed those user-provided lead fields (company_description, keywords, etc.) into the LLM prompt in scripts/classify_leads_llm.py, meaning untrusted, user-generated sheet content is fetched and directly influences model decisions and filtering.