ai-personalization-prompts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The prompts explicitly tell the agent to generate outputs "based on {{companyDomain}}" and to "use main value prop from website" (references/prompts.md), which requires fetching/reading arbitrary public company websites (third-party content) as part of the workflow, exposing the agent to untrusted external content and potential indirect prompt injection.