umbraco-openapi-client

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The generation script (Client/scripts/generate-openapi.js) and the package.json "generate-client" script fetch and ingest an arbitrary swagger.json URL (swaggerUrl) provided at runtime, meaning the agent will read and parse untrusted, user-supplied OpenAPI specs from external URLs.