solo-founder-gtm

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Research and Outreach agents explicitly ingest and personalize public, user-generated content—e.g., X (Twitter) and LinkedIn profiles/DMs and enrichment from third-party services like Clay/Apollo—so the agent is expected to read untrusted third‑party content as part of its workflow, creating a vector for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly names a payment gateway (Stripe) in the recommended stack and advises using "usage-based billing via Stripe." Because the documentation calls out a specific payment provider and billing integration, it includes a payment gateway as a defined tool — which falls under the "Direct Financial Execution" category in the rules.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 02:43 AM