frappe-web-forms

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly creates public web forms that accept untrusted, user-generated submissions and file uploads (see SKILL.md steps "Create the Web Form" and "Control permissions" — e.g., "Guest access" / public forms) and the required workflow includes server-side processing/validation and record creation of those submissions, so third-party content is ingested and can influence validation/recording behavior.