people-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to run open-web searches and fetch/summarize arbitrary public URLs and social media data (see SKILL.md, references/domain-resolution.md and references/workflow-patterns.md — e.g., lessie web-search, lessie web-fetch, and review-people), and those fetched third-party pages are read and used to resolve domains, set search parameters, and qualify candidates, exposing the agent to untrusted user-generated/public web content that could contain indirect prompt injections.