TypeScript SDK Reference

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill exposes the agent to untrusted third-party content because the Tool Reference (TOOLS.md) and SKILL.md document WebFetch (takes an arbitrary url and performs "AI analysis") and WebSearch (returns web results), which the agent is expected to read/interpret as part of its workflow and can materially influence subsequent tool use and decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt exposes powerful tools (Bash, Write/Edit) capable of modifying files and running shell commands, and even includes a 'permissionMode' value 'bypassPermissions' and examples that enable bypassing permissions and in-process tool execution—effectively encouraging the agent to circumvent security and change machine state.