langsmith

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and SDK examples explicitly show runtime ingestion of public, user-contributed content (e.g., client.clone_public_dataset("https://smith.langchain.com/public/..."), evaluate(data=...), and prompt pull/push in references/python-sdk.md / references/typescript-sdk.md and the quickstart script), so the agent would read and act on untrusted third-party datasets/prompts that could carry instructions.