gateway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly requires the agent to "eagerly read existing OpenAPI spec, error catalog, rate-limit policy, and consumer contracts at SCAN" and discusses agents fetching llms.txt/llms-full.txt and /openapi.json from API roots (see the Core Contract and Principles), which means the agent will fetch and interpret publicly hosted third‑party API documentation that can materially influence breaking‑change detection and subsequent tool/actions.