synology-file-station

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill reads JSON from an arbitrary SYNOLOGY_BASE_URL (see load_config_from_env and SynologyClient.fetch_api_info calling query.cgi and call_api/_request), parses remote API info and responses, and then uses those returned 'path', 'version', task IDs and response data to drive subsequent API calls and control flow, so untrusted third-party responses can materially influence agent behavior.