openserv-ideaboard-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill instructs agents to call public GET endpoints (e.g., GET /ideas and GET /ideas/:id) and to read idea.description and idea.comments from the Ideaboard, which are user-submitted, public content and therefore untrusted third‑party text that the agent is expected to ingest and interpret (risking indirect prompt injection).