n8n-credentials-and-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's FINDING_API_DOCS.md and SKILL.md explicitly instruct the agent to locate and read public API documentation (official docs, OpenAPI/Swagger specs, Postman collections, GitHub repos, and other public web resources) to determine auth, endpoints, and request shaping, meaning untrusted third‑party content from open websites will be fetched and interpreted to drive tool configuration and actions.