instantly-data-handling

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and ingests untrusted, user-provided lead data from the Instantly API (see deduplicateBeforeUpload calling POST https://api.instantly.ai/api/v1/lead/get) and accepts unsubscribe payloads at /webhooks/instantly/unsubscribe, and that external content is read and directly influences deduplication, suppression, and removal actions.