scaffolding-marketplace-integrations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and processes data from public third‑party APIs and endpoints (e.g., BaseMarketplaceClient.fetch to Shopify/WooCommerce/Bol/Etsy APIs, the Next.js Shopify webhook route handling X-Shopify-Topic and body, and the pollEtsyOrders function reading Etsy receipts), which are untrusted/user-generated sources that the agent reads and interprets as part of its workflow.