azure-aigateway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to import and parse OpenAPI/Swagger specifications from arbitrary public URLs (see Pattern 9: --specification-url "https://example.com/openapi.json") and references public GitHub/docs, meaning the agent may fetch and interpret untrusted third‑party content (public OpenAPI specs) as part of its workflow.