fhir-software
Warn
Audited by Snyk on Mar 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and loads public third-party FHIR packages and server metadata (see SKILL.md "Package/Specification Management", which uses loadFhirPackage/downloadPackage and refers to installing/loading hl7.fhir.* packages). It also fetches the SMART configuration and /metadata from arbitrary FHIR base URLs (references/smart_on_fhir.md). The agent is expected to parse this content and use it for validation and runtime decisions, so untrusted, user-provided web content can influence the agent's behavior (indirect prompt injection).