model-serving

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes LangChain RAG and agent examples that ingest and retrieve external, user-generated or public content (e.g., examples/langchain-agents/main.py's SearchDocs and the "WebSearch" tool in examples/langchain-agents/README.md, plus the LangChain RAG flow in examples/langchain-rag-qdrant/README.md), so the agent is expected to read and interpret untrusted third‑party content at runtime.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls hub.pull("hwchase17/react") at runtime to load an agent prompt from LangChain Hub (e.g. https://smith.langchain.com/hub), which directly supplies the prompt/instructions used to construct the agent and is a required runtime dependency, so it can control agent behavior remotely.