moai-platform-deployment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's reference/convex.md contains concrete runtime code that fetches and ingests data from external URLs (e.g., the "Actions (External API Calls)" examples using fetch(https://api.weather.com/${args.city}) and the HTTP webhook route in convex/http.ts), meaning the agent would read and act on untrusted third-party responses as part of its workflow.