fastapi-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes runtime code that ingests untrusted third‑party content — notably the websocket_endpoint that calls ws.receive_json() and passes messages to handle_message (processing arbitrary client-sent data), and an example endpoint that uses an httpx client to fetch external data (references/dependency-injection-patterns get_http_client -> client.get("/data")), so the agent would read/interpret untrusted external/user-generated content as part of its workflow.