docuseal-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's API reference explicitly accepts arbitrary HTML content and downloadable file URLs as inputs (see "POST /submissions/html" and "POST /submissions/docx" in references/api/create-a-submission-from-html.md and create-a-submission-from-docx.md, and the templates endpoints that accept HTML or file URLs), meaning untrusted third‑party/user-provided content can be ingested and parsed and could therefore influence template/submission processing and subsequent actions.