iii-http-invoked-functions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs registering and invoking external HTTP endpoints (“Registers external HTTP endpoints … third-party webhooks” via registerFunction(HttpInvocationConfig)), so the agent will fetch and process untrusted third-party HTTP responses that could influence its subsequent actions.