agentic-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill includes explicit tool implementations that fetch and ingest arbitrary web content—e.g., the Python read_webpage tool (returns response.text from ctx.deps.http_client.get(url)) and the Node/Claude examples with a web_search/read-URL tool—so the agent will read untrusted public webpages/search results as part of its workflow, allowing third-party content to influence actions.