agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly allows agents to call arbitrary external webhooks and client tools and to ingest their responses into the conversation (see references/client-tools.md webhook examples like https://api.mystore.com/orders/lookup and references/agent-configuration.md knowledge_base/rag settings), meaning untrusted third‑party content can be read by the agent and materially influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The embed script https://unpkg.com/@elevenlabs/convai-widget-embed is loaded at client runtime, executes remote JavaScript in the user's browser, and is a required dependency for the widget embedding, so it represents a runtime external resource that executes remote code.