superplane-integrations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly instructs using commands like "superplane integrations list-resources --id --type " to fetch dynamic, user-generated resources from third-party providers (e.g., GitHub repos, branches) and requires using those returned values in canvas YAML, so untrusted external content can directly influence configuration and subsequent actions.