dv-metadata

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to GET and parse metadata and form XML from the target Dataverse environment (e.g., the "Retrieve and modify an existing form" flow that GETs /api/data/v9.2/systemforms and reads forms[0]["formxml"]), which is user-generated/untrusted metadata the agent must interpret and can directly influence subsequent API calls and modifications.