agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly lets agents call arbitrary webhook endpoints and perform client-side fetches (see references/client-tools.md "Webhook Tools" and "Client Tools") and uses webhook/client-tool responses and uploaded knowledge-base documents directly in agent replies, so untrusted third-party content can be ingested and materially influence the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The widget examples load and execute remote JavaScript at runtime from https://unpkg.com/@elevenlabs/convai-widget-embed (via or dynamically appended script), which is a required dependency for the widget and executes remote code in the client.