ai-native-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly implements web ingestion and RAG workflows that retrieve and use public web/third-party content — e.g., the search_web tool in templates/agent-workflow-template.ts and the retrieveDocuments/ragQuery pipeline in templates/rag-pipeline-template.ts (also used in examples/chatbot-with-rag) — and the agent is expected to read and incorporate those external documents as context, exposing it to untrusted third-party content.