sales-app-extensibility

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory Discovery step and the "API Documentation Ingestion" flow (SKILL.md and references/discovery-and-use-cases.md) explicitly instruct the agent to fetch and parse user-provided API documentation or arbitrary URLs (e.g., "Use fetch_webpage to retrieve the page content" and "ingest it to extract endpoint details and response shapes"), meaning the agent will load untrusted third‑party web content and act on it to generate code and choose runtime behavior.