web-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill calls zai.functions.invoke('web_search') to retrieve search results (URLs, snippets, titles) from the open web and then reads/processes those public third-party results (e.g., building summaries and feeding snippets into chat completions), exposing the agent to untrusted web content that could carry indirect prompt injections.