personalization-at-scale

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to research and ingest public third‑party content—e.g., LinkedIn activity (posts/comments/job changes), company news/press (TechCrunch/PR Newswire/Crunchbase), job postings, blogs and podcasts—as part of generating personalizations, which exposes it to untrusted/user‑generated web content for interpretation.