data-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching raw rows from third‑party sources (see SKILL.md Step 3 and the templates HubSpot/Salesforce/Postgres) — including unstructured fields like email bodies, notes, and research_report — and passes them into client.memory.memorizeBatch with extractMemories: true, so the agent will read/index arbitrary user-generated CRM/database content that could contain instructions and thus enable indirect prompt injection.