frappe-doctype-development
Warn
Audited by Snyk on Feb 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's references/virtual-doctypes.md includes code that fetches and ingests external API data (e.g., fetch_from_api() calling requests.get("https://api.example.com/products") and load_from_db()/get_list implementations), meaning the agent is expected to read and act on untrusted third-party content as part of the DocType workflow.
Audit Metadata