zapis-appointment-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill browses and scrapes open public Zapis.kz pages (scripts/zapis_playwright.py uses user-provided salon/profile URLs and calls element.inner_text to extract slot text) and also ingests API responses from the public /available-times endpoints (scripts/zapis_api.py), so it clearly reads untrusted third‑party content as part of its workflow.