customer-intel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires ingesting and analyzing public third‑party content — e.g., "Sources for technology stack discovery" (BuiltWith, LinkedIn, G2, GitHub, press releases) and Phase 3's "Search the company's careers page and LinkedIn Jobs every 2 weeks" — and uses those findings to drive outreach decisions and tool use (displacement playbooks, passing intelligence to calendar-pipeline), so untrusted user-generated web content could materially influence agent actions.