testing-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow explicitly makes HTTP requests to external API/provider URLs (e.g., httpx.get('http://example.com/api/data'), using $API_BASE_URL/$PROVIDER_URL, pact.verify() against provider endpoints, and publishing/verifying pacts via --broker-url=$PACT_BROKER_URL), which means it ingests untrusted third-party responses that can influence test decisions and subsequent actions.