fw-ai-actions-app

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly requires the agent to perform web_search / mcp_web_fetch of public third‑party API documentation and to base implementation and endpoint decisions on those fetched pages (see rules/ai-actions-api-docs.mdc and agents/integration-scoper.md / ai-action-integration-validator workflows), so it will ingest and act on untrusted public web content that could carry indirect prompt injections.