lead-enrichment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to use linkedin-scraper, web_search, and web_fetch to scrape LinkedIn profiles and public websites (untrusted, user-generated third-party content) and to read/interpret those pages to derive emails and update CRM records, so that external content can materially influence tool use and next actions.