contact-finder-contactout

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and enrich LinkedIn profile URLs (e.g., /v1/linkedin/enrich and /v1/people/linkedin endpoints) which pulls user-generated, public LinkedIn content that the agent reads and uses to drive contact-finding actions, creating a clear vector for indirect prompt injection.