deno-sandbox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md (see "Running User Code Safely" and "AI Agent Tool Execution" examples) explicitly writes and executes user-submitted / toolCode inside the sandbox and parses/uses the sandbox output, meaning untrusted user-generated content is ingested and can materially influence agent actions.