contact-to-email

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's required workflows explicitly call external enrichment APIs (e.g., crustdata_person_enrichment, apollo_people_match, peopledatalabs_enrich_contact) using LinkedIn profile URLs and other public data (see Workflow A/B/C in SKILL.md), and the agent consumes those providers' returned fields (emails/metadata) to choose/validate addresses and drive follow-up actions, which exposes it to untrusted third-party/user-generated content that could influence decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's "Get started" step instructs users to run remote code via curl -s "https://code.deepline.com/api/v2/cli/install" | bash to install the deepline CLI, which executes fetched code and is presented as a required dependency for running the example commands.