posthog-pls-big-fish

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to perform web searches and ingest public third‑party content — e.g., SKILL.md Step 2 ("Research the company" via web search), Step 3 persona research (LinkedIn, Crunchbase and other public pages), and Step 7 ("Validate all URLs" using web_fetch) — and the results are used to decide qualification and outreach, so untrusted third‑party content can materially influence actions.