fw-ai-app-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's rules and agent workflows explicitly require searching for and fetching official third‑party API documentation (e.g., "SEARCH" and "FETCH — Use mcp_web_fetch" in rules/ai-actions-api-docs.mdc and web_search limits in agents/integration-scoper.md), so the agent will ingest and act on untrusted public web content which can change its actions (implementation, request templates, auth) at runtime.