comprehensive-enrichment

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill is explicitly designed to mass-collect and aggregate sensitive personal and company PII (work + personal emails, phone numbers, social activity, LinkedIn data), verify deliverability, and push/receive that data to multiple external enrichment APIs — making it highly abuse-prone for targeted doxxing, stalking, or spear‑phishing, even though it contains no obvious backdoor, obfuscated payload, or remote code‑execution primitives.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and ingest public third‑party content (e.g., LinkedIn via fiber /v1/linkedin-live-fetch/profile-posts, Twitter/X via Nyne newsfeed, website scraping via scrapegraph, and Linkup web/news searches) and to read and act on that content as part of its enrichment workflow, which exposes the agent to untrusted user-generated web content that could carry indirect prompt injections.