cmo-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly ingests user-supplied briefs and reference URLs (SKILL.md "If the user dropped a brand brief into the conversation (URL, doc, or paragraph)" and "Any tone/visual references (URLs or 'no opinion')") and requires the agent to produce personalized influencer DMs that "name something specific from that creator's recent work" (prompts/06-influencer-army.md), which forces the agent to read/interprete untrusted public social media/web content that can materially change outreach behavior.