expansion-signal-spotter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using web_search, fetch_webpage, and an optional linkedin-profile-post-scraper to ingest LinkedIn profiles, job postings and public company webpages (see "Phase 1: Signal Detection" and "Tools Required"), and those external signals directly drive scoring, talk-track generation, and scheduling decisions, so untrusted third-party content can materially influence agent actions.