linkedin-profile-optimizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly instructs the agent to fetch and verify public LinkedIn profiles and to ingest portfolio/hosted CV links (see "Input Types" and "Phase 0" in SKILL.md), meaning it reads untrusted, user-generated third-party content and uses it to drive auditing and profile-editing actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires fetching a user's live LinkedIn profile during runtime (e.g., https://www.linkedin.com/in/whoisabhishekadhikari) to verify handles and ingest profile text, and that fetched content is used directly to drive the audit/rewrites (thus controlling agent prompts).