email-response-simulation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required Workflow (Phase 1 Step 1a in SKILL.md) explicitly instructs the agent to scrape and ingest public third‑party sources (LinkedIn, LinkedIn posts, company bios, conference pages, press mentions) and to use that research (including direct quotes) to build personas and drive rewrite/decision outputs, which meets the criteria for untrusted third‑party content that can influence actions.