investor-call-prep

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly scrapes and ingests public third-party investor websites via "scrapegraph smartscraper" (Step 3b), queries Perplexity (Step 3c) and Apollo enrichment for external firm data, and then uses that untrusted web-sourced content to decide compatibility and prioritize meetings (compile prep sheet), so external pages can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly scrapes arbitrary firm websites at runtime (e.g., https://{firm_website} and paths like https://{firm_website}/portfolio or /team via the scrapegraph proxy) and injects the extracted content into the model context to drive prompts and assessments, which is a required runtime dependency controlling agent outputs.