cross-sell-upsell-detection

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly calls fetch_external_signals/get_external_signals in the Detection Implementation and lists "Company hiring (external data)" and "Funding announcement" under Growth Signals, indicating it ingests public third-party signals that are used to compute expansion_score and drive recommendations.