cold-email-personalization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The Research Playbook (assets/research-playbook.md, Tier 2) explicitly instructs using scrapers and APIs (Claygent, ZenRows, Serper, LinkedIn, etc.) to fetch and extract public website content (pricing pages, reviews, LinkedIn posts) that the agent must read and use as personalization signals for emails, which clearly exposes it to untrusted third‑party content that could carry indirect prompt injection.