functions-markdown-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly allows the agent runtime to fetch and ingest publicly accessible URLs (see "Step 4: Review and Sanitize Skills" — "Anonymous GET requests are OK. Skills CAN instruct the agent to fetch data from publicly accessible URLs using HTTP GET"), so the agent will read untrusted third-party web content as part of its workflow and that content can influence behavior.