fynt-workflow-engine-runtime

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill clearly includes runtime code and required workflow steps that perform outbound fetches to arbitrary endpoints supplied in node configs (e.g., assets/snippets/secure-http-helper.ts performs fetch(params.url) after validateOutboundUrl, assets/snippets/node-type-contract.ts defines an endpoint field on customApiNode, and the source-pattern-map and executor snippets describe HTTP/provider executors), meaning untrusted third-party responses would be ingested and could influence execution flow.