cold-email

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's personalization guidance (references/personalization.md "Research Signal Stack") explicitly tells the agent to use and act on public signals from third‑party sources like LinkedIn posts, Google News, Crunchbase, BuiltWith/Wappalyzer and YouTube, so the agent is expected to fetch/read untrusted, user-generated/open-web content and incorporate it into message decisions.