inbound-lead-enrichment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and interpret public third‑party content (e.g., "web-search", company websites, Crunchbase, LinkedIn and a "LinkedIn scraper (Apify)", Apollo, Twitter/social mentions) in Step 2/Step 3/Step 4, and that content is used to infer seniority, stakeholder roles and drive CRM updates and outreach decisions — meeting all criteria for exposure to untrusted, user-generated web content that could contain indirect prompt injection.