outreach-sequencer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to open and read LinkedIn messaging/profiles via a browser and to incorporate "recent company news (web search if needed)", meaning it will fetch and interpret untrusted, user-generated public web content (LinkedIn and arbitrary web searches) as part of its workflow.