google-zx-scripting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's reference examples (e.g., references/processing-recipes.md "Download Files in Parallel" which reads urls.txt and runs curl on each URL, and "Batch API Calls with Rate Limiting" / AI script examples which call fetch() on external APIs and LLM endpoints) explicitly fetch and ingest content from arbitrary external URLs/APIs, which the scripts parse/use (e.g., writing JSON, generating code, or feeding content to an LLM), so untrusted third‑party content can influence subsequent actions.