apideck-go

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly shows runtime API calls to external third-party connectors (e.g., s.Crm.Contacts.List with ServiceID "salesforce" and s.FileStorage.* for Files/SharedLinks) that fetch user-generated/untrusted data from external services (CRMs, file storage, accounting systems) which the agent is expected to read/iterate and which can materially influence subsequent actions.