exploiting-broken-function-level-authorization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and agent clearly fetch and interpret arbitrary third-party API responses (e.g., SKILL.md Phase 1/Step 1 calling BASE_URL paths and references/api-reference.md curl of swagger.json) and scripts/agent.py's test_endpoint_access which requests user-supplied BASE_URL/endpoints, so untrusted remote content is ingested and used to drive further tests and decisions.