OpenAI Automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts arbitrary external content (e.g., OPENAI_CREATE_RESPONSE multimodal inputs with image_url "https://..." and a tools list that includes web_search/file_search), meaning the agent can fetch and interpret public/untrusted URLs and web content as part of its workflows, exposing it to indirect prompt injection.