node-red

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core docs (SKILL.md) and reference files (notably references/external-apis.md and references/ha-advanced-nodes.md) explicitly instruct using http request nodes, external APIs, and webhook/http-in nodes to fetch and process arbitrary public URLs and incoming webhooks, so untrusted third‑party content would be read and could influence runtime actions.