inbound-lead-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly performs enrichment from open web sources (Step 4: "If no enrichment tools are configured, do a basic web search for company + person" and earlier/tool list referencing "LinkedIn scraper" and "web search"), and that third-party content is read and used to summarize context and drive urgency, qualification, and response drafts—meeting the conditions for possible indirect prompt injection.