durable-functions-dotnet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's instructions and examples show HTTP entry points (e.g., HttpStart, RaiseEvent, SubmitApproval, CounterOperation) that read arbitrary request bodies and pass them into orchestrations/events and also show orchestration DurableHttp calls to external URLs (context.CallHttpAsync), so untrusted user-provided or public-website content is clearly ingested and can change orchestration behavior and subsequent actions.