meridian-investor-research

Warn

Audited by Snyk on Apr 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill's required workflow explicitly instructs the agent to use web_fetch on the startup's public homepage (Step 1) and to run live web searches/scrapes for investor pages, LinkedIn posts, press releases and portfolio companies (Step 3), all untrusted public third‑party content that the agent must read and use to drive decisions and write emails.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly uses web_fetch at runtime to read the provided startup_url (e.g. www.aviskaar.com or www.nextlabs.com) and to run web searches that pull investor pages and raw web content which are injected into the agent context and directly control the generated prompts/emails.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 20, 2026, 01:31 PM
Issues: 2