claimable-postgres

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly calls the public API at https://pg.new/api/v1/database (see "Agent Workflow" → "Provision" / "API path") and parses the returned JSON (connection_string, claim_url, expires_at) which the agent then uses to decide actions (writing .env, running seeds, opening claim URLs), so it ingests untrusted third‑party content that can materially influence subsequent tool use.