public-api-lookup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's script (scripts/search_apis.py) fetches and parses the public-apis catalog from the raw GitHub URL (https://raw.githubusercontent.com/public-apis/public-apis/master/README.md), which is user-contributed public content that the agent ingests and uses to decide and recommend APIs, so untrusted third-party content could influence its actions.