shortcut

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to send requests to Apideck's proxy endpoint (https://unify.apideck.com/proxy) which forwards and returns Shortcut's native API responses (see https://developer.shortcut.com/api/rest/v3), meaning the agent will fetch and read untrusted, user-generated Shortcut content as part of its workflow.