prospect-refresh

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly queries Apollo's People API and organization enrichment (Stage 2 and Stage 5) and uses the returned person/company fields to drive deduplication, ATL/BTL classification, and to populate personalized Gmail drafts and downstream HubSpot actions (Stage 3, 4, 6), so untrusted third-party content can directly influence tool decisions and actions.