linkedin-outreach

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md workflow (Phase 1 and Phase 3: "Lead Selection from Supabase" and "Signal-Aware Template Selection" / "Merge Variables") ingests and uses user-generated third-party signals — e.g., LinkedIn comment_snippet, post_topic, kol_name, job_posting_detail sourced from LinkedIn/public sources (stored in Supabase or fed from upstream) — which the agent is expected to read and interpret to generate personalized messages that drive tool outputs and campaign decisions.