xentral-erp-headless-checkout

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md and reference files explicitly instruct the agent to fetch and parse data from arbitrary Xentral instances (e.g., fetch calls to https://{instance}.xentral.biz/api/... using the xentral()/fetchAll helpers), and those API responses are used to decide and perform actions (create/update/delete orders, setTotalStock, etc.), so untrusted instance content could materially influence tool use and behavior.