building-agents-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs nodes to call web_search ("search-web" node system_prompt: "Search the web for: {query}. Use web_search...") and to scan repositories via scan_github_repo (scanner_node), meaning the agent fetches and interprets arbitrary public web content and user-provided repos, which are untrusted third‑party sources.