azure-aigateway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly imports OpenAPI specs from public URLs ("Pattern 9: Import API from Web URL" showing az apim api import --specification-url ...) and converts APIs into MCP tools/endpoints (Pattern 10's MCP tools/list), meaning it fetches and ingests untrusted public API specs which can be interpreted as tool definitions and thus could indirectly inject instructions.