zoho-bugtracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly exposes the agent to third-party, user-generated Zoho content via actions like "List Bug Comments", "Get Bug Details", and proxy requests to the Zoho Bugtracker API (see "Popular actions" and "Proxy requests"), so the agent will fetch and read external bug reports/comments that could contain instructions influencing subsequent actions.