roast-cold-email

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to research target companies using Tavily and public sources (e.g., "Step 2 — 研究公司" in SKILL.md and README.md: "use Tavily search results" and "based on public information (recruiting pages, LinkedIn, news, product website)"), and then uses those third‑party findings to choose hooks and generate/send targeted emails, so untrusted web content is ingested and can materially change agent actions.