aliyun-bdrc-backup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow and scripts (scripts/list_openapi_meta_apis.py) explicitly fetch and parse the public OpenAPI metadata at https://api.aliyun.com/meta/v1/products/BDRC/versions/2023-08-08/api-docs.json as part of API discovery, and those externally fetched docs are used to decide which APIs/parameters to call, so untrusted third‑party content can influence agent behavior.