ai-actions-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill's templates and examples explicitly call arbitrary external APIs (e.g., ai-actions-skeleton/config/requests.json uses host "<%= iparam.api_base_url %>" and server/server.js calls $request.invokeTemplate and returns parsedResponse), and it instructs the developer/agent to fetch API documentation and user-supplied endpoints, so it clearly ingests untrusted third‑party content (external API responses/docs) that could enable indirect prompt injection.