storyblok-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill contains runtime examples that fetch and ingest user-provided content from third-party services — notably Storyblok's Content Delivery API (e.g., cdn/stories, GraphQL), Management API, and integrations with external services (Shopify/commerce APIs, OpenAI/RAG/vector DB endpoints) — so the agent would read and act on untrusted, user-generated content as part of its workflow.