calendar-automation

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflows explicitly fetch and ingest public or user-generated third‑party content (LinkedIn, Calendly answers, Clearbit profiles): for example, "Meeting Preparation" step 2 (research_attendees, using linkedin_lookup, crm_lookup and email_search) and "Calendly → Calendar + CRM" steps 1–2 (extracting {answers} and using clearbit/linkedin lookups). The agent reads this content and uses it to generate agendas, talking points, and follow-up actions, which enables indirect prompt injection.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 08:20 AM