newsletter-sponsorship-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Phase 2 discovery and Phase 3 enrichment) explicitly instructs the agent to run WebSearch/WebFetch on public directories and pages (e.g., site:swapstack.co, site:paved.com, site:substack.com) and the included scripts/search_newsletters.py calls Substack's public API, so the agent will ingest and act on untrusted, user-generated web content that can materially influence scoring, outreach decisions, and subsequent actions.