javascript-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to fetch and use open web content — e.g., the RAG example in references/agent-patterns.md uses an appTool 'tavily/search-assistant@latest' and the tool-builder/internalTools examples (references/tool-builder.md) enable webSearch, plus references/files.md shows using remote URLs — so the agent is expected to read untrusted public web pages/URLs as part of its workflow, which can materially influence decisions.