api-attack-surface-mapper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required input "api_spec_source" (OpenAPI URL/file, Postman collection) and Phase 1 step "Parse spec and resolve path templates" show it fetches and interprets arbitrary external specs/URLs (untrusted, user-provided third-party content) which directly drive test generation and subsequent actions.