cold-email

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md step 1b and step 2) explicitly instructs the agent to call Crustdata MCP to fetch LinkedIn profiles and recent LinkedIn posts and to perform web searches for company news, meaning it ingests untrusted, user-generated social media and public web content which is then read and used to shape personalization and next actions.