build-mule-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly queries Anypoint Exchange and fetches live connector metadata (via scripts/get_latest_connector.sh and scripts/describe_connector.sh which call anypoint-cli dx mule describe-connector) and the workflow (SKILL.md Steps 3–5, 11–13) requires the agent to read and act on that returned, third‑party connector content to choose connectors, triggers, providers, and versions—meeting the conditions for untrusted third‑party input that can change tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime scripts (e.g., get_latest_connector.sh and describe_connector.sh) query Anypoint Exchange at runtime and use the live connector metadata/GAVs from https://www.mulesoft.com/exchange/ to drive AskUserQuestion prompts, connector selection, and generated build artifacts, so the external Exchange content directly controls agent prompts and code generation.