erpnext-impl-scheduler

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests untrusted third‑party content (e.g., references/examples.md -> myapp/sync.py calls requests.get against https://api.external.com/v1 and processes response.json(), and examples/importer.py reads user-uploaded CSV via a File.file_url), and that external data is parsed and used to create/update records and drive job behavior, so it can materially influence subsequent actions.