php-modernization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instantiates adapters from database-stored Provider records (ProviderAdapterRegistry::createAdapterFromProvider reading provider->getEndpointUrl()) and the concrete adapters (e.g., OpenAiAdapter::chat) perform HTTP requests to those endpoints and return parsed responses which LlmService.chat and ProviderController::testConnectionAction consume—so arbitrary external API responses (untrusted third‑party content) are fetched and interpreted as part of the workflow.