appstorereject-resolve

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to call https://api.appstorereject.com (search and rejections/detail endpoints) to fetch rejection details — including "community solutions" — which the agent must read and use to plan fixes, so untrusted third-party content could directly influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill issues runtime curl requests to https://api.appstorereject.com (e.g., /api/search, /api/rejections/batch, /api/rejections/detail, /api/rejections/report), and the responses are used to produce the agent's resolution steps/instructions, so this external API directly controls agent prompts and is relied on at runtime.