PrivateInvestigator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflows (e.g., Workflows/FindPerson.md Step 2 and SocialMediaSearch.md) explicitly instruct launching agents that scrape and ingest open public third‑party sources — Google x‑ray/LinkedIn/Facebook/Twitter, people‑search sites like TruePeopleSearch, Holehe, TinEye, Sherlock, etc. — and then have the agent read, synthesize, and act on those untrusted/user‑generated results (confidence scoring, reverse lookups, follow‑up tasks), which clearly enables indirect prompt injection.