etsy-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly downloads and reads public, user-generated Etsy content and arbitrary URLs (e.g., scripts/etsy_cli.py + scripts/etsy_http.py allow requesting full http(s) URLs and printing/parsing responses, and scripts/fetch_openapi_spec.py fetches the public OpenAPI JSON), so it ingests untrusted third‑party content that could carry indirect prompt injection.