data-sourcing

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's orchestration and code templates explicitly call external providers and public sources (e.g., the JavaScript template's callProvider() loop and waterfall sequences referencing Apollo, Hunter, Clearbit, ZoomInfo, Google News/LinkedIn public, BetterContact, AI web research, etc.) and ingest and interpret the returned data as part of the enrichment workflow. These are untrusted third-party/public sources that could carry user-generated or arbitrary content.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:43 AM