API Catalog
Warn
Audited by Snyk on Apr 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md and reference files explicitly include Node-RED/YAML workflows that poll and parse public third-party APIs and user-generated sources (e.g., Telegram getUpdates/callbacks in references/global-apis.md, GitHub releases, public weather/transport APIs). The parsed responses are used to drive Home Assistant actions (including unlocking doors and calling services), so untrusted third-party content is fetched and can materially influence agent-driven actions.
Issues (1)
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).