postman-knowledge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Decision Guide and MCP tool list explicitly reference searching and drilling into public Postman workspace collections (see "Find an API" and the searchPostmanElementsInPublicNetwork tool in SKILL.md), which means the agent will fetch and interpret user-generated public collections that could contain untrusted instructions affecting actions.