http-debugger

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md instructs the agent to fetch and inspect captured HTTP requests and response bodies via the Smello API (e.g., curl 'http://localhost:5110/api/requests' and curl http://localhost:5110/api/requests/{id}), which exposes arbitrary, untrusted third-party request/response content from external hosts that the agent is expected to read and act on when debugging.