openrouter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill documentation explicitly describes a web-search plugin and server-side tool use (see references/api/api-reference/anthropic-messages/create-messages.md which defines server_tool_use/web_search and web_search_tool_result with URLs/snippets, and references/INDEX.md listing a "Web Search" plugin), which indicates the agent can fetch and ingest arbitrary public web content (third-party URLs/snippets) that it is expected to read and that could influence actions.