waterfall-enrichment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly calls external enrichment providers (e.g., dropleads, peopledatalabs, crustdata, leadmagic_mobile_finder) and uses their JSON outputs via --result-getters and the resolved {{<waterfall_name>}} to drive follow-up actions (for example the email waterfall and subsequent leadmagic_email_validation), so untrusted third‑party API responses are ingested and can influence tool decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The SKILL includes a runtime installation command that pipes remote content to the shell: curl -s "https://code.deepline.com/api/v2/cli/install" | bash, which fetches and executes remote code and is required for the deepline CLI used by the skill.