agentic-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes explicit web-fetching tools (e.g., the Node.js "web_search" tool and the Python research_agent's read_webpage implementation which calls ctx.deps.http_client.get(url) and returns response.text), so the agent fetches and ingests content from arbitrary public URLs and search results which are untrusted third‑party sources.