coda

Warn

Audited by Snyk on Apr 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill's runtime script (scripts/coda_export.py) calls the Coda API to fetch user-generated Coda document content (e.g., fetch_all_pages and fetch_page_content, which GET https://coda.io/apis/v1/docs/{doc_id}/pages/... via get_json) and ingests it into the export workflow. Arbitrary third-party doc content could therefore influence downstream agent behavior (indirect prompt injection).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 27, 2026, 06:47 PM
Issues: 1