ffc-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs commands to call the Frappe API via internal/client/client.go (e.g., client.New(cfg) and endpoints like /api/resource/{DocType} and /api/method/...) using config or env vars (FFC_URL, --site, etc.), meaning the agent will fetch and parse responses from arbitrary third-party Frappe sites (untrusted/user-provided) and use those responses to drive output and behavior.