protocolsio-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated content from protocols.io (e.g., "GET /protocols" and "GET /protocols/{protocol_id}" and "GET /protocols/{id}/comments" in Workflow 1 and other workflows, with content_format options like html/markdown), and instructs the agent to read/parse protocol text and community comments which can directly influence subsequent actions—creating, editing, publishing, or executing protocols—so it exposes the agent to untrusted third-party content that could enable indirect prompt injection.