champion-move-outreach

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to visit and scrape public LinkedIn profiles ("LinkedIn: Visit profile (or use scraping tool)" in Step 1), perform web searches and read company pages/news ("Research the new company using web search" in Step 2), and search public web/email sources (Step 3: web search, Apollo/Clearbit) — all of which ingest untrusted, user-generated or public third‑party content that can influence qualification and outreach decisions.