resume-tailoring

Warn

Audited by Snyk on Mar 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's required workflow (Phase 1: Research Phase and the multi-job workflow) explicitly performs WebSearch/WebFetch of public sites (e.g., "site:linkedin.com {job_title} {company}") and accepts job-description URLs/text. The agent is instructed to read and synthesize that external content into the success profile and to drive template, matching, and generation decisions from it, so untrusted third-party pages and user-provided URLs can materially influence agent actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 08:10 AM