sesame

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to fetch and parse live responses from external third-party APIs via secretctl request (see SKILL.md Step 3 "Make the Authenticated Request" and the examples in references/examples.md that call api.github.com, api.openai.com, Slack, etc.), and those upstream response bodies are consumed and used to drive subsequent actions (e.g., extracting IDs and making follow-up requests), so untrusted third-party content can materially influence behavior.