cal-com

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md Core APIs) calls Cal.com's public API endpoints (e.g., https://api.cal.com/v2/event-types, /v2/slots/available, /v2/bookings) to fetch event types, availability, and bookings — which are user-generated/untrusted content that the agent is expected to read and use to decide/create/cancel/reschedule bookings, so third-party content could influence actions.