sap-btp-business-application-studio

Warn

Audited by Snyk on Mar 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill's required workflow explicitly instructs the agent to fetch and ingest untrusted public content: cloning arbitrary Git repositories (references/git-operations.md), installing Yeoman generators from the public npm registry and VS Code extensions from Open VSX (references/development-workflow.md and service-center-and-tools.md), and querying external/service catalogs or destination lists via the built-in proxy (curl $H2O_URL/api/listDestinations in references/connectivity-guide.md). The agent is expected to read and interpret all of this content, which can materially affect its subsequent actions.

Issues (1)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Mar 16, 2026, 09:31 AM
  • Issues: 1