docyrus-app-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Regenerating Collections After Schema Changes" workflow explicitly instructs fetching a tenant OpenAPI spec via curl (step 2: curl -o openapi.json "<publicUrl returned from step 1>"), meaning the agent is expected to download and ingest an externally hosted OpenAPI JSON that can alter generated collections/endpoints and thereby materially influence subsequent actions.