http-toolkit-intercept

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly tells the user/agent to "Export outbound HTTP from HTTP Toolkit" (GUI export or admin API / HAR/JSON) and to "cross-reference the outbound HTTP export with the inbound program session log," which means the agent will read request/response bodies captured from arbitrary remote websites/APIs (untrusted third-party content) and use those contents to determine next actions — meeting all criteria for indirect prompt injection risk.