gtm-engineering

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to fetch and scrape public third-party content (e.g., "Research agent: Web scrape, news, social" and "company research agent ... scrapes site and news" in SKILL.md and references/implementation-guide.md) and to use that untrusted user-generated/web content to drive personalization, routing, and agent actions, which could enable indirect prompt injection.