abc-apifox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches OpenAPI documents from the external Apifox API (see scripts/apifox_client.py::_fetch_oas_from_api and scripts/check_env.py which POST to https://api.apifox.com/v1/projects/{project_id}/export-openapi), ingesting third‑party/user‑provided API documentation that the agent reads and uses for searches and responses, so untrusted content could carry instructions that influence agent behavior.