azure-deploy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly queries and reads responses from deployed public endpoints (e.g., curl health checks and endpoint verification in references/recipes/*/verify.md and the SKILL.md "Verify Success" / Steps 8–10), meaning it ingests arbitrary app-hosted (user-controlled/public) content and uses those results to decide success/error handling and next actions.