cold-email-kickoff

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly invokes /icp-onboarding which "scrapes the user's website first" and /campaign-strategy which "takes the profile + website + any case studies it can scrape" (and the flow also references scraping public sources like Google Maps via /google-maps-list-builder), so the agent fetches and interprets untrusted public web/user-generated content that can materially influence subsequent tool choices and actions.