dropshipping-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow and tasks (SKILL.md and the eval task files such as inventorySync.ts and orderRouting.ts) explicitly ingest third-party supplier data — e.g., supplier REST APIs, CSV/FTP feeds (downloadFtpFile), and marketplace apps like DSers/Spocket — and the agent is expected to read that untrusted external content to make routing and fulfillment decisions.