yba-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill explicitly directs the agent to fetch and parse live, external resources (user-specified YBA API endpoints and Prometheus at http://:9090, plus public docs and repo files such as the interactive reference at https://api-docs.yugabyte.com and the v1.routes/openapi files on GitHub) and to interpret those responses to build subsequent API calls, so untrusted third-party content can materially influence behavior.