airtable

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows runtime code that fetches Airtable records and webhook payloads via the Airtable API (e.g., list_records, get_base_schema, create_webhook / list_webhook_payloads), which ingests user-generated/untrusted record content that the agent is expected to read and act on (create/update/delete), so third-party data could indirectly inject instructions.