agent-app-store

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill browses and processes user-published marketplace content (e.g., app listings via mcp__flow-nexus__app_search, app source_code via mcp__flow-nexus__app_store_publish_app, deployable templates, and community reviews) from the Flow Nexus app store, which are untrusted third-party submissions the agent is expected to read and act on.