api-workshop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow's Phase 1 explicitly says "If given a URL: Fetch the existing API spec and summarize it" (SKILL.md), and those fetched, user-provided/open-web API specs are read and used by the agents to drive design decisions, so arbitrary third-party content can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches a user-provided API spec URL at runtime (e.g., "https://api.example.com/openapi.json") and injects that fetched spec into the agents' context to summarize and drive design/review prompts, so external content can directly control agent instructions.