crm-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and parses external user-provided sources (e.g., "Data source: ... Google Sheets, email platform, ad platform" in Input Required) and step 3 "Validate input data" requires the agent to read and act on that content, so untrusted third-party content can influence mapping, deduplication, and sync actions.