wordpress-vip

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and reference examples show fetching and processing arbitrary external URLs (e.g., vip_safe_wp_remote_get('https://api.example.com/...') and clientname_fetch_api/clientname_fetch_with_fallback and the scheduled sync clientname_run_sync that calls clientname_fetch_external_data), so untrusted third-party responses are ingested and can drive actions like processing data, creating/updating content, and cache invalidation.