aptx-api-core

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill exposes the agent to untrusted third‑party content because its RequestClient/FetchTransport (references/defaults.md
• "FetchTransport") and client.fetch/client.request flows explicitly send requests to arbitrary URLs and the DefaultResponseDecoder plus various middleware/plugins (references/defaults.md, middleware-patterns.md, extension-points.md) decode and act on response bodies, so external HTTP responses can be read and materially influence control flow and decisions.