email-finder

Warn

Audited by Snyk on May 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly instructs the agent to fetch and parse public third-party content: fetching GitHub commit .patch files with curl and cloning repositories (Method 1), scraping personal sites and conference pages with curl and grep, running Google/DuckDuckGo dorks (Method 3), and calling enrichment APIs such as Crustdata against public LinkedIn/GitHub/Twitter handles (Method 6). All of this is untrusted, user-generated or public web content that the agent must read and act on to choose, verify, or send emails, so it could carry indirect prompt-injection payloads.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 10, 2026, 06:50 PM
Issues: 1