swiggy-dineout-booking

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly calls the external "dineout" server via swiggy-cli (e.g., swiggy dineout search/details/slots) and surfaces server-returned data such as menu highlights, ratings and available slots—which are untrusted third-party content the agent reads and uses to choose/book reservations.