llm-app-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly defines and uses a "search_web" tool (sub-skills/22-function-calling-pattern.md) and shows ReAct-style actions like Action: search("X") with Observations fed back into the agent prompt (sub-skills/21-react-pattern-reasoning-acting.md), meaning the agent will fetch and interpret open web content that can directly influence its subsequent tool use and decisions.