http-api-smoke-tester
Warn
Audited by Snyk on May 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's http_api_smoke_tester.py reads a user-supplied JSON plan (plan.base_url and steps) and uses urllib.request.urlopen to fetch arbitrary HTTP URLs (base_url + path). The untrusted public responses it ingests are parsed and used to evaluate the assertions that determine pass/fail and the tool's exit code.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).