champion-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to scrape public user-generated sources (Phase A in SKILL.md: "Scrape reviews" from G2/Trustpilot and "Search LinkedIn posts" via Crustdata MCP) and the runtime script calls Apify to fetch LinkedIn profile data (scripts/champion_tracker.py LinkedInEnricher → Apify actor), and that fetched third‑party profile/review content is parsed and directly used to detect job changes and drive ICP scoring/outputs.