fastapi-async-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly consumes untrusted third-party and user-provided content — e.g., aggregate_user_data and call_external_api use httpx to fetch arbitrary external APIs like https://api.example.com/... and get_fastest_price queries external stores (store1.com/store2.com), and the chat/websocket endpoints receive and broadcast client-sent messages — all of which the agent reads/returns as part of its workflow.