api-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and code templates (e.g., SKILL.md Example 1 using the GitHub API, references/rest-template.md createApiClient, and services/userService) explicitly create HTTP clients and fetch JSON from arbitrary third‑party endpoints (API_BASE_URL, GitHub, etc.), parse those responses, and use them to drive logic (errors, retries, routing), so untrusted/public API responses can materially influence behavior.