contacts-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Step 1 ("Identify Source and Extract") explicitly instructs the agent to gather and extract data from public LinkedIn profile URLs (and other external email signatures/meeting notes), meaning it will fetch and interpret untrusted, user-generated third-party content that can materially influence subsequent add/update actions.