shieldsio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's api-reference and testing-debugging docs explicitly describe Dynamic JSON/TOML/XML/YAML badges that take a url parameter and extract arbitrary values from external JSON/TOML/XML/YAML documents (references/api-reference.md and references/testing-debugging.md), meaning the agent would ingest untrusted public content and act on extracted values as part of its workflow.