hunter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill retrieves and extracts email/contact data from the public Hunter.io service via Refly workflow toolcalls (pulling contact data for arbitrary domains), exposing the agent to untrusted, user-generated public web content that it reads and interprets.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes and relies on a Refly workflow at runtime (e.g., https://refly.ai/workflow/c-yy5s998sby8jaqrhmjnjq5im) via the refly CLI which executes remote workflow code and returns toolcall content used by the agent, so external content is executed/controls behavior.