openrouter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports ingesting untrusted third-party content via web search (e.g., using the :online model variant like "anthropic/claude-3.5-sonnet:online" and the web plugin configuration plugins: [{ id: 'web', engine: 'exa' }]) and by accepting arbitrary external URLs for images/videos (e.g., image_url/video_url examples), so the agent will read and interpret public web/user-provided content.