linkedin-outreach

Warn

Audited by Snyk on Apr 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly scrapes public LinkedIn content (SKILL.md commands like scout-search, scout-activity, scout-comment-keyword) and the implementation (scripts/linkedin_outreach.py functions such as collect_post_urls, extract_comment_authors, extract_search_results and the scoring/classification logic) reads user-generated posts/comments and uses those results to score, queue, and drive connection requests/DMs, so untrusted third-party content can directly influence agent actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 29, 2026, 07:27 PM
Issues: 1