docyrus-api-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly documents connector and automation runtime endpoints (e.g., PUT /v1/connectors with an "endpoint" that accepts absolute URLs, and automation action node types like "http-request" and "external-action" / "ai-agent") which permit fetching and ingesting arbitrary external/public URLs and using their responses to drive subsequent actions, so untrusted third‑party content can materially influence agent behavior.