nango-function-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and examples explicitly instruct using the Nango HTTP API and runtime calls like nango.get / nango.paginate to fetch provider API docs/responses and sample payloads (see SKILL.md "Gather required inputs... use the Nango HTTP API" and references/syncs.md examples), meaning the agent will ingest untrusted third‑party API/web content and use it to drive checkpoints, deletions, and subsequent actions.