baidu-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The scripts/search.py clearly calls Baidu AI Search's web_search endpoint (https://qianfan.baidubce.com/v2/ai_search/web_search) and ingests/prints the returned "references" (open web search results), so untrusted public third‑party content is fetched and would be read and used by the agent.