primitives

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's MessagePrimitive.Content explicitly renders external content (e.g., Source parts with part.url, Image parts with part.image) and supports user attachments in the Composer, so the UI will display/ingest arbitrary public URLs and user-provided content (and even points to a public URL assistant-ui.com/llms.txt), exposing the agent to untrusted third-party content.