airflow-dag-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes a custom sensor (Pattern 4: wait_for_api) that performs requests.get('https://api.example.com/health') and places response.json() into XCom, meaning it fetches and consumes untrusted third‑party HTTP JSON which the DAG later reads/interprets (process_data), exposing the agent to potential indirect prompt injection.