feature-flags

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Infra and model routing code in SKILL.md explicitly fetches external URLs configured in flags—e.g., startHealthChecks calls fetch(variant.healthEndpoint) and generateResponse posts prompts to modelVariant.endpoint—so it ingests arbitrary third-party endpoints' responses and uses them to select variants or return outputs, which can materially influence behavior.