AI SDK UI

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's VisionChat flow (references/advanced-patterns.md and the "Server route for vision" POST) accepts arbitrary user-provided image URLs and injects them as image attachments into messages sent to the model, clearly ingesting untrusted third‑party content that the agent will read and that can materially influence its behavior.