composio-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill (SKILL.md and references/power-user-examples.md) explicitly shows calling execute("GMAIL_FETCH_EMAILS") and using emails.prompt() fed into experimental_subAgent() (and proxy()/fetch examples), which ingests user-generated/third-party content (emails and API responses) and has the agent read/interpret that content to produce structured outputs and drive subsequent actions, creating a clear avenue for indirect prompt injection.