forge-connector

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly scaffolds connector code (see scripts/scaffold_connector.py which writes src/index.ts with fetchExternalData calling ${apiUrl}/items) and the SKILL.md/README state the connector ingests admin-provided external API data into the Teamwork Graph and that Rovo Chat can reference/cite those ingested objects, so arbitrary third-party content supplied via the configured apiUrl will be read and can influence agent responses.