endpoints

Warn

Audited by Snyk on Feb 21, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill calls the public endpoints.work API (e.g., POST /api/scan, GET /api/endpoints/{...}, GET /api/files/{key}) and ingests AI-extracted metadata, originalText, and S3 file URLs derived from user-uploaded or third-party documents. The code explicitly reads, saves, and summarizes this content and uses it to drive endpoint/item creation and deletion, so untrusted, user-generated content from the third-party service can materially influence agent actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 06:13 AM