early-access-email-sequence

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to run WebSearch and WebFetch against public LinkedIn profiles and company websites (Phase 1 and Phase 2, including WebFetch: https://{{company_domain}}) and to use those untrusted, user-generated search/fetch results to drive personalized email content and workflow choices, so external content can materially influence agent behavior.