request-validation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and validates untrusted user-generated input (e.g., "All API endpoints accepting user input", "Form submissions", "File uploads", "Webhook payloads") and parses req.body / req.query / req.params in the validation middleware, so it reads third-party content as part of its runtime workflow.