home-assistant-custom-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The integration fetches and ingests JSON from arbitrary, user-specified HTTP hosts (see references/msp_integration_101_intermediate/api.py: requests.get(f"http://{self.host}/api") called by ExampleCoordinator.async_update_data), so it reads untrusted third‑party content provided by external APIs as part of its normal workflow.