boxlang-bif-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md includes a "CachedFetch" BIF example under "Accessing BoxRuntime Services From a BIF" that calls fetchFromUrl(url) and returns/cache the fetched result, clearly showing the skill can fetch and ingest arbitrary third-party URLs (untrusted web content) as part of its runtime workflow.