sequence-performance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md Step 1 "Pull Campaign Data" explicitly pulls "the actual text of every reply" from third parties (via Smartlead MCP calls like mcp__smartlead__fetch_master_inbox_replies or by asking the user to provide a reply dump/CSV), which the agent is expected to read and use to drive analysis and recommendations, exposing it to untrusted, user-generated content that could include indirect prompt injection.