deal-intelligence

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory Step 4 (Extruct signal monitoring) uses the Extruct MCP (https://api.extruct.ai/mcp) to crawl and enrich public third‑party sources (company websites, press releases, job pages, GitHub, status pages, LinkedIn/press content per the signal prompts) and explicitly requires the agent to read and act on that evidence to influence deal analysis, auto-create CRM records, and recommend follow-ups, which exposes it to indirect prompt injection from untrusted web content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the Extruct MCP at https://api.extruct.ai/mcp during runtime (create_table/add_columns/create_rows with run=true and agent-type columns) which executes remote agent/enrichment code and returns results the skill depends on for signal monitoring, so this is a runtime external dependency that executes remote code.