documenso-local-dev-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required scripts and tests (e.g., scripts/verify-connection.ts, scripts/cleanup-test-docs.ts, and the integration tests in tests/integration/documenso.test.ts) call the Documenso API (DOCUMENSO_BASE_URL, including stg-app.documenso.com) to fetch and inspect user documents/metadata and then take actions (filtering/deleting), which clearly ingests untrusted third‑party/user-generated content that can influence behavior.