bedrock-agentcore

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Browser Runtime (start_browser_session and update_browser_stream with the 'navigate':{'url': ...} action) allows visiting arbitrary public websites and interacting with their content, so the agent would ingest untrusted third-party web content that could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The create_agent_runtime example references an agentRuntimeArtifact at s3://my-bucket/agent-package.zip, which the runtime would fetch and execute as the agent package (remote code executed at runtime and a required dependency).