keyapi-linkedin-company-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls KeyAPI's LinkedIn MCP endpoints (e.g., get_company_posts, get_company_people, get_company_jobs) via the server URL https://mcp.keyapi.ai/... as shown in SKILL.md and scripts/run.js, ingesting public LinkedIn posts, employee directories, and job listings (user-generated/untrusted content) which are parsed and synthesized into reports, so third-party content can materially influence agent behavior.