tanstack-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow and examples show the agent ingesting external third-party content—e.g., image URLs in references/advanced.md ("Image from URL") and server tool code in references/tools.md that fetches https://api.weather.com—which the LLM reads/interprets and feeds into tool/agentic loops, enabling indirect prompt injection.