endpoint-validator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches HTTP responses from a configured base_url + path (see Phase 1 Step 2: "Search for endpoint configuration" and Phase 2 Step 1: "Construct full URL... Send request ... Record status code, response time, and body"), parses and interprets those responses (JSON key checks, headers, timings) and uses them to decide PASS/FAIL and exit codes, so untrusted third-party endpoint content could materially influence agent behavior.