gtm-meta-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and scrape untrusted public web and social content (e.g., Apify actor calls and LinkedIn scraping in finding-companies-and-contacts.md, cloudflare_crawl and firecrawl_scrape in the provider playbooks, parallel_extract/serper_google_search and linkedin_post_to_engagers) and to read/interpret those results as part of enrichment and tooling decisions, which could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running a runtime installation command that fetches and executes remote code via curl -s "https://code.deepline.com/api/v2/cli/install" | bash, which downloads and executes external code at runtime.