cargo-gtm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to fetch and interpret public third-party content (e.g., LinkedIn profiles via linkedin.findProfileUrl / linkedin.enrichProfile in recipes/linkedin-url-lookup.md and web-grounded research via the perplexity provider in guides/writing-outreach.md, plus web-scrape providers like firecrawl), and those external, user-generated sources are read and used to validate identities and drive downstream actions, so they can inject instructions that influence tool use and decisions.