wp-apis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's HTTP API examples (wp_remote_get / wp_remote_post) — specifically the map_get_external_data() example fetching and json_decoding https://api.example.com/data — show the plugin fetching and ingesting external (potentially untrusted) third‑party responses as part of runtime logic, which could allow indirect injection if that data is interpreted or rendered.