Node-RED

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core docs (SKILL.md) and reference files (e.g., references/external-apis.md and External API Integrations) explicitly instruct creating flows that use http request nodes, dynamic msg.url, webhooks and public APIs (OpenWeatherMap, Telegram, GitHub, arbitrary URLs), and those responses are parsed in function nodes to drive service calls and flow logic, so untrusted third‑party content is ingested and can materially influence actions.