lead-intelligence

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs the agent to fetch public third‑party data ("Public Records Research: Use get_public_records to fetch property details" and "Use the enterprise-hub MCP tools to fetch live data"), which the agent will read and use to drive predictive analytics and lead-scoring decisions, exposing it to untrusted/public web content that could indirectly inject instructions.