outreach

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and Five Laws explicitly require the agent to use specific public signals (e.g., LinkedIn posts, FreightWaves article, company careers pages, G2 reviews) and instruct "run /research first" and to open messages with those references, so the agent is expected to fetch and interpret untrusted public/user-generated web content that can materially alter its outputs.