sf-integration-procedure

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly defines an HTTP Action that can call arbitrary external endpoints (see references/element-types.md "HTTP Action" with the path/property allowing full URLs like "https://api.example.com/..." and SKILL.md describing the HTTP response being stored and inspected for statusCode), so untrusted third‑party responses can be ingested and used to drive branching and downstream actions.