langchain-framework

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests open web and public content (e.g., Document Loading with WebBaseLoader("https://example.com"), pre-built tools like DuckDuckGoSearchRun and WikipediaQueryRun, and RAG retrievers that format and pass retrieved documents into prompts/LLMs), so the agent will read untrusted third‑party/user-generated content as part of its workflow, enabling indirect prompt injection.