news-signal-outreach

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses open web and social content (e.g., "AUTO-TRIGGER: Load this composite whenever a user shares a URL (LinkedIn post, article, tweet...)" and Step 1 Mode A: "If URL → fetch the page, extract article text") and then uses that untrusted, user-generated third‑party content to drive extraction, qualification, connection-angle decisions, contact finding, and automated outreach, so third‑party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches user-supplied news URLs at runtime (news_input items with type="url") and injects the fetched page text into the agent's extraction and prompt flow, so external content can directly control the model's prompts and required behavior.