cold-email-personalizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Step 4 ("收集客户背景（可选增强）") explicitly instructs the agent to run WebSearch queries (e.g., LinkedIn, company news) and extract public third‑party content to feed into the email-generation prompts, so untrusted web content can directly influence generation and enable indirect prompt injection.