workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow examples explicitly fetch and ingest content from external/public APIs (e.g., fetch('https://api.example.com/large-dataset'), fetch('https://primary-api.com/data')) and use user-provided or DB-derived fields in prompts (e.g., env.AI.run(..., prompt: Summarize: ${user.bio}) and params passed to create()), so the agent is expected to read and act on untrusted third‑party/user-generated content.