coach

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and acts on open/public third‑party content: COACH.md and README describe the research/prep commands performing web/company research and claim‑verification (employee posts, product reviews, leadership profiles), and the round/analyze flows auto-detect or accept transcripts from ~/meetings/ or pasted Otter/Zoom/Grain outputs (Minutes integration), all of which are untrusted/user-generated sources that the agent reads and uses to drive decisions.