cold-email-personalization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs scraping and ingesting open web and social content—see the Research Playbook Tier 2 (Claygent, ZenRows, Serper, SimilarWeb, LinkedIn) and examples referencing "scraped pricing page", Google/G2 reviews, and LinkedIn posts—which the agent is expected to read and use as personalization signals, exposing it to untrusted third‑party user-generated content.