sales-enrichso

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md) instructs the agent to call Enrich.so endpoints that ingest arbitrary public third-party content — e.g., LinkedIn profile/company URLs via GET /v1/api/linkedin-by-url and csvFileUrl/values in POST /v1/api/bulk-enrichment — which are untrusted/user-generated web sources and the returned data is read and used to drive follow-up actions, so it can enable indirect prompt injection.