hubspot-app-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's main workflow and examples (SKILL.md, references/fetching-data.md, and examples/complete-card-example.jsx) explicitly instruct UI extensions to call hubspot.fetch() to arbitrary external URLs (e.g., https://api.example.com/enrich), parse the returned JSON, and act on that data (displaying results and triggering actions), which exposes the agent to untrusted third-party content that could carry indirect prompt-injection instructions.