ai-provider-cohere-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's RAG and tool-use workflows explicitly ingest and ground responses on external documents (e.g., examples/tools-rag.md "RAG with Inline Documents" which includes a document with url "https://typescriptlang.org", the embed+rerank retrieval pipeline in examples/embeddings-rerank.md, and the tool use loop in examples/tools-rag.md that submits tool results as documents), so the agent is expected to read untrusted third‑party content and use it to make tool calls and generate decisions, enabling indirect prompt injection.