siebel-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's docs and patterns explicitly instruct fetching and parsing data from arbitrary external URLs and loading third‑party scripts (e.g., core-concepts/integration.md shows EAI HTTP Transport calls to external APIs and references/open-ui-patterns.md shows require("http://www.google.com/jsapi") / window.open to external sites), so generated or deployed code will ingest public third‑party content that can be interpreted and drive subsequent actions.