sales-outscraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and API reference explicitly instruct the agent to fetch and process open/public, user-generated content via scraping endpoints (e.g., GET /google-maps-search, GET /maps/reviews-v3, GET /yelp/reviews, GET /trustpilot/reviews, GET /youtube-comments, GET /emails-and-contacts) from Google Maps, review platforms, YouTube and arbitrary websites, which the agent is expected to read and use to drive follow-up actions (lead enrichment, outreach, analysis), exposing it to untrusted third‑party content that could carry indirect prompt injection.