lead-intelligence

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on untrusted, user-generated public content — e.g., SKILL.md's "Recent X posts (last 30 days)" and instructions to "pull recent original posts" plus agents (enrichment-agent.md, signal-scorer.md, mutual-mapper.md) that use Exa web search, X API, WebFetch/WebSearch and LinkedIn browser control to read public posts/profiles and then drive outreach drafting and channel selection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires live X API access (env vars X_BEARER_TOKEN / X_ACCESS_TOKEN) and at runtime fetches recent posts from the X/Twitter API (https://api.twitter.com) to build voice profiles that are injected into and directly control the agent's prompt/context for draft generation.