connector-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's examples and workflow (references/examples.md and SKILL.md) explicitly use httprequest.get to fetch arbitrary external API responses (e.g., https://api.example.com/data1) and then parse and follow responseData.paging?.next?.link, meaning untrusted third‑party content is ingested and can directly control subsequent requests and processing.