documenso-local-dev-loop

Audited by Snyk on Mar 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's code and scripts (e.g., src/documenso/client.ts, scripts/verify-connection.ts, and scripts/cleanup-test-docs.ts) call the Documenso API at DOCUMENSO_BASE_URL (e.g., https://stg-app.documenso.com or a self-hosted localhost) to fetch document data (likely user-generated/untrusted) and then read and act on that data (filtering by title, deleting documents, driving test assertions), so external third-party content can materially influence agent behavior.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 06:38 PM
Issues: 1