data-enrichment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and parse data from external, public third‑party sources—notably stableenrich.dev endpoints such as apollo/people-enrich and clado/linkedin-scrape and even advises using built-in WebSearch/WebFetch to pull LinkedIn/social/profile or website data—so the agent will ingest untrusted user-generated public content and use it to drive enrichment, verification, and follow-up actions, enabling potential indirect prompt injection.