etsy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the agent calling Apideck endpoints and the Proxy to Etsy (e.g., apideck.ecommerce.orders.list({serviceId: "etsy"}) and the x-apideck-downstream-url proxy flow) which fetches untrusted, user-generated Etsy content (orders/products/customers) that the agent is expected to read and act on as part of its workflow, so third-party content could influence subsequent actions.