python-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill documentation (references/agent-patterns.md) explicitly shows a RAG pattern that uses an app_tool "tavily/search-assistant@latest" to search the web and instructs the agent to use and cite web results, and other examples (references/files.md, references/sessions.md) show passing arbitrary URLs and browser-automation to agents, so the agent is expected to fetch and act on untrusted public web content that can materially influence its actions.