inbound-lead-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Step 4 "Enrich with Context" explicitly calls for using public enrichment tools and "If no enrichment tools are configured, do a basic web search for company + person" and lists "LinkedIn scraper, web search" as data sources, which means the agent fetches and interprets untrusted third‑party (public/web/user‑generated) content that can change urgency, qualification, and response drafts.