onestack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly calls a Dokploy server (default http://211.47.74.86:3000) via the dokploy CLI (e.g., dokploy project all/search, dokploy application one, and the bootstrap script verifies API access) and parses JSON responses about projects/environments/applications that are user-provided and are used to make deployment decisions, so untrusted third-party content can influence agent actions.