crm-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill clearly ingests user-generated/untrusted CRM content from external third-party APIs—e.g., Close/HubSpot/Salesforce activity endpoints and webhook payloads such as activity.note, activity.email (see get_lead_timeline reading item["note"] / item["body_text"] and the Close webhook handler processing event["data"])—and the agent is expected to read and act on that content as part of its workflow.