axim-rest-framework
Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's documentation (SKILL.md / README) explicitly shows runtime HTTP client usage that calls arbitrary external URLs — e.g., axim.web-client.services.* in application.properties, XWebClientFactory.create("http://external-api.com"), and @XRestService with configurable host — meaning the agent/app will fetch and parse untrusted third-party responses as part of normal workflows.