lead-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to navigate to LinkedIn profiles (linkedin.com/in and linkedin.com/sales/lead), use tabs_context_mcp/navigate/read_page to extract recent posts, comments, and articles (user-generated content) and then base personalization and outreach actions on that content, so untrusted third-party content from LinkedIn can directly influence decisions and messages.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill navigates at runtime to LinkedIn profiles (e.g., https://linkedin.com/in/ and https://linkedin.com/sales/lead/) and uses read_page to extract profile content that is injected into the agent's context to generate prompts/icebreakers, so the fetched external content directly controls the agent's output.