api-design-framework

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's OrchestKit example explicitly accepts arbitrary public URLs in POST /api/v1/analyze and starts a background run_workflow_task that performs "extraction" and "analysis" of the URL's content (examples/orchestkit-api-design.md — create_analysis / run_workflow_task and SSE "extraction" stage), which means the agent ingests and interprets untrusted third‑party webpages.