using-deepagents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The docs (references/skills-and-memory.md and SKILL.md) explicitly show that untrusted, user-provided files can be injected via StateBackend's agent.invoke files (e.g., /skills/.../SKILL.md and /project/AGENTS.md) and that Memory/Skills are concatenated into the system prompt or loaded as agent skills—allowing that third-party content to directly alter the agent's prompts, decision-making, and tool use.