code-mode

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly states the MCP tool "executes the underlying API call" and passes the raw API response into the sandbox as a DATA variable (SKILL.md Step 3a / Step 4 and references/benchmark-pattern.md which even suggests "Hit real API"), meaning the agent will ingest untrusted, user-generated/public third‑party responses (e.g., GitHub, Slack, SCIM, Kubernetes) and use the processed output to drive subsequent reasoning/actions.