claude-cli-agent-protocol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Tool Names and Input Fields" section explicitly includes WebFetch (url) and WebSearch, meaning the agent can fetch and ingest arbitrary open-web URLs/search results (untrusted, user-generated content) which it will read/interpret as part of its workflow.