cold-email-verifier

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime script (scripts/email_verifier.py) explicitly calls third-party public APIs — Clearbit's Autocomplete endpoint to discover company domains and ValidEmail.co (and optionally arbitrary Reacher HTTP URLs) to verify addresses — and the agent consumes those responses to decide which generated email is accepted, so untrusted external content can influence behavior.