senior-backend

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's load-testing tool (scripts/api_load_tester.py) and SKILL.md Quick Start explicitly accept and fetch arbitrary public URLs (e.g., "python scripts/api_load_tester.py https://api.example.com/users"), ingesting their HTTP responses and using those results to make comparisons and recommendations, which means untrusted third-party content can materially influence the agent's decisions.