step-parts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow (SKILL.md and scripts/download_step_part.py) explicitly queries and ingests data from the public API origin https://api.step.parts (e.g., /v1/parts, /v1/parts/{id}) and downloads arbitrary STEP files via returned downloadUrl, so it consumes untrusted third-party content that directly influences selection, downloads, and subsequent actions.