signal-scanner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's script (scripts/signal_scanner.py — functions scan_job_postings, scan_linkedin_content, and scan_profile_changes) explicitly fetches LinkedIn job postings/posts/profiles via Apify (third-party public/user-generated content) and then reads/scores that content to compute activation_score and update lead_status or write signals to the DB, so untrusted external posts can materially influence agent actions.