newapi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's help workflow (docs/help.md, "Type 2: API usage questions") explicitly instructs the agent to fetch and parse external public webpages (e.g., https://apifox.newapi.ai/llms.txt and https://www.newapi.ai/llms.txt) and to "Answer the user based on the fetched content," which means untrusted third‑party page content is ingested and can influence the agent's subsequent responses and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's help instructions explicitly direct the agent at runtime to fetch external documentation indexes (e.g., https://apifox.newapi.ai/llms.txt and https://www.newapi.ai/llms.txt) and then fetch pages from those indexes to drive the agent's responses, meaning external content would directly control prompts/answers during execution.