postman-api-readiness

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches OpenAPI specs from Postman via MCP (see Workflow Step 1: "Postman: getAllSpecs + getSpecDefinition" and "Check MCP: Try getWorkspaces via Postman MCP") and then reads and acts on those user-provided specs (analyzing, editing, and pushing changes), which is untrusted third-party content that can materially influence subsequent tool actions.