email-deliverability-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow and scripts explicitly fetch and parse untrusted third-party content — e.g., public DNS TXT records via dig in scripts/check-domain-auth.ts and campaign/sequence and mailbox data from the Smartlead and Smart Delivery APIs in scripts/audit-performance.ts and scripts/run-spam-test.ts — and those external values are interpreted to set flags and drive action items, so they could materially influence agent decisions.