Lead Research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to perform web searches and fetch/parse public third‑party pages (see "Phase 2: Deep Dive (Fetch Promising URLs)" and "LinkedIn Intelligence Extraction" which list LinkedIn, company websites, Crunchbase, news, G2/Capterra, job postings, etc.), so it clearly ingests untrusted user-generated/open-web content that can materially influence actions and tool use, creating an indirect prompt‑injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly performs runtime web searches and fetches/extracts external pages (notably LinkedIn profiles such as https://www.linkedin.com and similar external sources like Crunchbase/news sites) and injects that content into the model output/synthesis, meaning remote content can directly influence/drive prompts and thus is a runtime external dependency.