customer-win-back-sequencer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Phase 1: Churned Account Research and the "Tools Required" section explicitly instruct the agent to use web_search and fetch_webpage plus optional linkedin-profile-post-scraper and review-scraper to ingest public web pages, LinkedIn and review content and then use those findings to score accounts and generate outreach, meaning untrusted third-party content is read and can materially influence actions.