clay

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs using Claygent to browse and scrape public web pages and search results (see .claude/skills/claygent/SKILL.md and resources/prompts/claygent-guide.md with prompts like "Visit {{company_url}}" and "Search Google for..."), and those scraped, user-generated or public-site contents are read and used to drive enrichments and downstream decisions (columns, scoring, CRM pushes), which could allow indirect prompt injection from untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's Claygent prompt templates explicitly instruct the agent to fetch and scrape arbitrary external websites at runtime (e.g., "Visit {{company_url}}" / https://{company_domain}/ and a BuiltWith URL), and that fetched page content is injected into prompts and directly controls outputs, so these runtime external fetches are a high-confidence risk.