drafts-actions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's main documentation and examples (SKILL.md and referenced scripting API docs) explicitly show making HTTP requests to arbitrary endpoints via HTTP.create()/http.request, opening arbitrary URLs and x-callback URLs (Open URL / Callback URL / WebDAV / Service Steps including Mastodon/WordPress), and parsing those external responses (e.g., API integration and HTTP.request examples) to modify drafts and control subsequent actions, meaning untrusted public content can be read and influence tool behavior.