cold-email-outreach

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly scrapes and ingests public third‑party content for personalization (Phase 3: tools like firecrawl_scrape_url, firecrawl_batch_scrape, firecrawl_extract_branding, and scrape_linkedin_profiles are used to read company pages and LinkedIn), and that untrusted user-generated/web content is then read and used to shape drafts and sending decisions—so external content can materially influence agent behavior.