python-programming

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Async Programming section (functions fetch_with_retry and fetch_all_pages in SKILL.md) explicitly fetches JSON from arbitrary base_url/URL endpoints and yields that data for processing, which means it can ingest untrusted public third‑party content (APIs/web pages) that could carry indirect prompt injection.