query

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to use WebFetch to read Dora Swagger pages at {base_url}/api/swagger/index.html and then use the discovered endpoints to make HTTP calls, meaning it fetches external API documentation (third‑party) and uses that content to drive subsequent requests and behavior.