news-signal-outreach

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses arbitrary user-shared URLs and public social posts (see "Mode A: If URL → fetch the page, extract article text" and Signal Detection Config options like "Web search / Google News / RSS feeds / Social media"), meaning the agent ingests untrusted third‑party content (articles, tweets, LinkedIn posts) and uses it to drive entity extraction, qualification, contact finding, and outreach decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches user-provided URLs at runtime ("If URL → fetch the page, extract article text" — e.g., any user-shared URL such as a LinkedIn post, article, tweet, or blog post) and injects that content into the agent's extraction and prompt-generation pipeline, so external pages can directly control model prompts.