nango-toolbox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to access external third-party APIs via Nango (e.g., GET /integrations, GET /connections, POST /action/trigger) and to read/use those provider responses, which can include untrusted or user-generated content that may influence subsequent actions.