app-studio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly fetches and ingests content from arbitrary Domo instances (e.g., GET /content/v4/pages/{pageId}/layouts, GET /query/v1/datasources/{dataset_guid}/schema/indexed, and POST/PUT calls to https://{instance}.domo.com/domoapps/...), which are user-generated/untrusted page, card and dataset contents that the agent must read and then act on (modify layouts, create cards, set templates), so third-party content can materially influence subsequent tool use and actions.