DICOMweb Protocol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md requires the agent to contact arbitrary DICOMweb endpoints (e.g., GET/POST to {BASE_URL}/studies, QIDO-RS/WADO-RS/STOW-RS examples) and parse untrusted DICOM JSON and multipart responses from those third-party servers, which the agent reads and acts on as part of its workflow.