code-interpreter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly provides internet/network access and examples that fetch and parse arbitrary public web content (see "Network: Internet access available (can use requests, urllib, curl)" and "Pattern 5: Fetch Data from Web" as well as libraries like beautifulsoup4), meaning the agent can ingest untrusted third‑party pages/APIs during its normal execute_code/execute_command workflows and those contents could influence subsequent code execution or decisions.