keyapi-pinterest-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly calls the KeyAPI MCP Pinterest endpoint (https://mcp.keyapi.ai/pinterest/mcp) to fetch public Pinterest user/pin/board/follower data (see SKILL.md Workflow and scripts/run.js where client.callTool parses responses and the numeric userid from get_user_information is used to drive get_followers_detail/get_following_detail), so it ingests untrusted, user-generated third‑party content at runtime that directly influences subsequent tool calls and analysis.