customer-pulse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Workflow (steps 2–6 in SKILL.md) explicitly fetches PayPal disputes, HubSpot tickets, Gmail threads, Intercom conversations and accepts pasted Google/Yelp reviews — all untrusted/user-generated third‑party content — and requires extracting verbatim quotes and deriving themes and action items from them, so that external content directly influences the agent's decisions and outputs.