zapsign

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Create Document from PDF URL" workflow explicitly accepts a public PDF URL (url_pdf) and the API returns/consumes externally hosted files (original_file/signed_file), meaning the service will fetch and process arbitrary third-party web content which could embed instructions that influence subsequent actions.