instantly-upgrade-migration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and adapter code explicitly fetch and parse data from Instantly's public API endpoints (e.g., https://api.instantly.ai/api/v2, /leads, /campaigns) and uses lead/campaign/analytics payloads (user-provided/untrusted content) to drive actions like launching or pausing campaigns, so third-party content could influence agent behavior.