rapidapi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to call RapidAPI endpoints for "Google Flights Live" and "Booking.com Live" (see the Sources section and the curl examples to google-flights-live-api.p.rapidapi.com and booking-live-api.p.rapidapi.com), which ingests live, public third‑party website data that can affect search results and decision-making.