compose-outreach

Warn

Audited by Snyk on Feb 24, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly requires running web searches for "external hooks" (Step 2: "Web Search for External Hooks") and, in "When Signal Data Is Sparse", instructs running web search for news, LinkedIn posts, and conference talks and then using those signals to craft outreach, so the agent will ingest and act on untrusted public third-party content.

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Feb 24, 2026, 06:30 AM