testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's contract-test rules (references/nestjs-jest-contract-tests.md) explicitly require hitting real external APIs (e.g., "Let them hit the real API" and the KnownRecord comment referencing https://api.example.com/registry) and using those live responses in assertions, so untrusted third‑party content is fetched, interpreted, and can affect test behavior.