workflows-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows and templates explicitly fetch and ingest external, user-provided URLs and search results (e.g., @call mcp.fetch_data($data_source_url), @call mcp.search_context($research_topic, $SEARCH_API_KEY), and related mcp.http_get/mcp.http_post calls in the production-data-pipeline and agent-research templates) and then pass that untrusted content into @agent prompts (e.g., "@agent reviewer: ... $raw_data", "Sources: $sources"), meaning third‑party content can be interpreted by agents and influence downstream actions.