connections-optimizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires browser control for LinkedIn and X and uses "lead-intelligence" / "Exa / deep research" to pull public profiles and research surfaces, and the agent is expected to read and act on that user-generated third-party content to score prune/add candidates and draft outreach, so untrusted web content can materially influence decisions.