cargo-connection

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md and the references (e.g., references/response-shapes.md and references/examples/integrations.md) explicitly require calling cargo-ai connection integration get and connector autocomplete to fetch third-party integration actions and dynamic autocomplete values (e.g., HubSpot object types/properties) which the agent reads and uses to select actionSlugs and populate workflow node configs, so untrusted external content can materially change behavior.