set-up-wso2-open-banking
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and ingests files from public third-party URLs (e.g., Maven Central JDBC jar via curl, APIM/connector zips from apim.docs.wso2.com, and OB CA certs from openbanking.atlassian.net) and then extracts and runs/uses files and scripts from those downloads (e.g., merge.sh/configure.sh, update binaries, keystore imports), so external content can directly influence execution and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly downloads and installs remote executable artifacts at runtime—e.g. the JDBC driver "https://repo1.maven.org/maven2/com/mysql/mysql-connector-j/9.6.0/mysql-connector-j-9.6.0.jar" and APIM connector zips such as "https://apim.docs.wso2.com/en/4.2.0/assets/attachments/administer/wso2is-extensions-1.6.8.zip"—which are required dependencies and will load/execute code in the target products, so they constitute a runtime remote-code dependency risk.