setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and streams content from external/untrusted endpoints — e.g., the CLI supports --preset and registry URLs (https://r.assistant-ui.com/{name}.json), and runtimes like useAgUiRuntime (HttpAgent to agent endpoints), useLangGraphRuntime (client.threads.list()/stream from a LangGraph API) and cloud thread management stream remote agent/thread content into the assistant UI, which could be user-generated and enable indirect prompt injection.