salvo-basic-app

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Request access examples (e.g., req.query, req.param, req.parse_json() in the "Request access" section of SKILL.md) show the app ingesting arbitrary HTTP request data from external clients, which is untrusted user-generated content that the handlers are expected to read and could influence runtime behavior.