frappe-syntax-serverscripts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and its references (e.g., "Core Methods" / "HTTP (yes, these work in sandbox!)" and the "External API Integration" example in references/examples.md) explicitly show using frappe.make_get_request to fetch arbitrary external URLs (e.g., https://api.example.com/products) and then parse and act on the returned data, so untrusted third‑party content can be ingested and materially influence script actions.