linkedin-followup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill navigates to LinkedIn profiles and explicitly scrapes/reads LinkedIn conversation threads using injected JavaScript (e.g., the .msg-s-message-list__event scraper after navigating from https://www.linkedin.com/feed/ to the profile URL), which ingests user-generated, untrusted third‑party messages that the agent then interprets to draft/send replies.