frappe-core-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes concrete runtime flows that fetch and process external, user-configured HTTP content (e.g., calling arbitrary API base_url in SKILL.md/examples.md and receiving POSTed webhook payloads in references/webhooks-reference.md), so it clearly ingests untrusted third‑party data that can influence processing and actions.