solo-founder-gtm

Warn

Audited by Snyk on Mar 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs deploying a "Research Agent" and "Outreach Agent" that use third-party enrichment tools (Clay, Apollo) and public social platforms (e.g., "DM 20 people per day on X or LinkedIn" and "Identify prospect > Enrich data > ... Pull personalization context") — clearly ingesting untrusted, user-generated web/social content that the agent reads and uses to drive outreach and personalization decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly names payment gateway tools and payment operations: it recommends Stripe in the core stack ("Payments | Stripe") and later references usage-based billing via Stripe and invoicing/annual invoicing flows. These are specific payment gateway references (tools whose primary purpose is moving money), so the skill contains direct financial execution capability.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 03:05 PM
Issues: 2