cold-email

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests public, user-generated content (LinkedIn profiles and posts via the Crustdata MCP calls like mcp__crustdata__get_person_linkedin_posts and mcp__crustdata__enrich_person_by_linkedin) and also instructs the agent to perform web research on public sites, and that external content is parsed and used to shape subject lines, hooks, and follow-up actions, so third-party content can materially influence downstream behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly calls the Crustdata MCP with user-provided LinkedIn profile URLs (e.g., https://www.linkedin.com/in/johndoe) at runtime and uses the fetched profile and recent posts to directly personalize and control the generated email prompts.