lead-research-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime workflow includes “Search for companies matching the criteria” and “Look for signals of need (job postings, tech stack, recent news)” which typically requires fetching/reading public web pages or other outsiders’ authored content (e.g., scraped company/news/job pages) and then feeding that free-form text into the agent’s LLM context for analysis.