query

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly tells the agent to fetch and parse Dora's Swagger page (via WebFetch at {base_url}/api/swagger/index.html) and to make direct HTTP calls to discovered endpoints, meaning it reads untrusted third-party API/webpage content that can change which endpoints and actions the agent performs.