setup-agentpw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation (references/patterns.md, "Pattern 4: Proxy pattern — classify upstream 401s") explicitly fetches arbitrary targetUrl responses and passes the upstream HTTP response into pw.connect.classifyResponse and pw.connect.prepare, meaning untrusted third-party HTTP content is read and can influence connection flows and subsequent agent actions.