custom-domains

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow instructs the agent/operator to fetch and validate user-controlled public resources (e.g., the canister-served /.well-known/ic-domains via curl and DNS records via dig) and to call the public REST API for registration, meaning untrusted third-party content from arbitrary canisters/domains is read and used to drive registration/update/delete actions.