nextcloud-admin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and download files and list directory contents from an arbitrary NEXTCLOUD_URL WebDAV endpoint (e.g. $NEXTCLOUD_URL/remote.php/dav/files/$NEXTCLOUD_USER/) and to parse those responses, meaning untrusted/user-generated content on that third‑party server is ingested and can influence subsequent tool actions.