linkup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly retrieves and extracts "LinkedIn contacts data" from a Refly workflow (see Step 3: "Get text content from toolcalls" and the workflow URL opened in Step 2), which is public/user-generated content from LinkedIn—an untrusted third‑party source that the agent will read and interpret.