clockify-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). scripts/main.py (download_openapi_spec / fetch_url) explicitly fetches and parses public documentation pages (default https://docs.clockify.me/ and any --docs-url supplied), extracting and downloading OpenAPI/Swagger URLs from arbitrary HTML, so external public specs/pages can be ingested and materially influence the agent's behavior.