event-lead-enrichment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly queries Common Room with commonroom_list_objects (SKILL.md Step 4) and ingests returned fields like "about", "subIndustry", and "tech_highlights" (see build_enriched.py) which are read and used to compute ICP scores, tiers, and next actions, so untrusted third-party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly fetches runtime Markdown from the external "Tiger Den" marketing store via get_marketing_context(...) (slugs: event-lead-scoring-rubric, event-lead-domain-aliases, cr-customer-pull-runbook) and uses those fetched docs to drive scoring/rubric/alias behavior, so the Tiger Den fetch is a required runtime external dependency that directly controls the agent's behavior.