zapier-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Core Workflow and examples show the agent can run "read" actions against third-party apps (e.g., Slack) and make arbitrary authenticated HTTP calls via zapier.fetch("https://api.example.com/data"), meaning it will ingest untrusted/user-generated content from external apps/APIs that could influence subsequent actions.