aptx-api-core

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime workflow shows use of RequestClient.fetch/request and the FetchTransport (SKILL.md and references/defaults.md) plus ResponseDecoder and middleware/plugins (references/extension-points.md, middleware-patterns.md) that decode and act on HTTP responses from arbitrary URLs (e.g., absolute "https://example.com" examples, axios transport), so the agent would fetch and interpret untrusted public third‑party content which can change behavior (retry, token refresh, error mapping).