dify-llm-platform

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly configures agents to use public web sources (see "Agent Development" → "Built-in Tools" and the "Research Agent" example listing Google Search, Wikipedia, and Web Scraper), meaning the agent fetches and ingests untrusted third‑party content that it is expected to read and act on during workflow execution, enabling indirect prompt injection.