datasource-connectors

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md REST API and connector instructions explicitly tell the agent to fetch data from endpoint URLs (e.g., "http:///https:// + returns JSON/XML", ask "What is the endpoint URL?", and follow pagination patterns such as Link: rel="next"), so the agent will ingest and act on arbitrary public/untrusted web content that can influence subsequent requests and decisions.