azure-ai-formrecognizer-java

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and examples explicitly use beginAnalyzeDocumentFromUrl with arbitrary public URLs (e.g., https://example.com/... and a raw.githubusercontent.com sample) so the agent fetches and interprets untrusted third-party documents as part of its workflow, and those extracted contents can materially influence decision-making and downstream actions.