erpnext-syntax-controllers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and references/examples.md explicitly show Virtual DocTypes and controller code (e.g., ExternalCustomer and ExternalProduct) that call external APIs (e.g., external_api.get_customers and requests to https://api.external-system.com/products) to fetch and map third-party data into documents, which the agent is expected to read/interpret at runtime and which can affect subsequent actions and logic.