streaming-api-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly fetches and streams content from arbitrary URLs (see extraction_node calling extract_content(state["url"]) and run_workflow_task accepting a url which is published via the EventBroadcaster and SSE endpoints), so untrusted public/web content can be ingested and replayed to the agent or LLM pipeline.