sales-revenue

Warn

Audited by Snyk on Mar 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md and the reference files) explicitly instructs agents to fetch and scrape public third‑party sources — e.g., company websites, LinkedIn, BuiltWith/Wappalyzer, Clearbit/ZoomInfo/Hunter.io, Apollo/Clay enrichment MCPs and dealer-scraper Playwright scripts — and to parse prospect replies (Gmail MCP) to drive scoring, routing, and next actions, so untrusted user-generated content can materially influence agent behavior.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 10:24 PM
Issues: 1