extension-http-outcalls

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the backend calling OutCall.httpGetRequest(url, ...) and httpPostRequest with an arbitrary URL parameter (see the "Usage for GET" example in SKILL.md), which clearly allows fetching and ingesting content from open/public third-party URLs that the agent would read and could influence subsequent behavior.