convex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes actions that fetch arbitrary external URLs (see references/file-storage-and-search.md "downloadAndStore" which does fetch(args.url) and store the blob) and the agent workflows (references/ai-agents.md — processDocument / RAG examples) explicitly load and use document.text from storage as context for agent generation, so untrusted third‑party content can be ingested and materially influence agent tool calls and outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains runtime calls to OpenAI endpoints (https://api.openai.com/v1/embeddings and https://api.openai.com/v1/chat/completions) that perform remote model inference and directly determine agent outputs, and the agent features rely on those external APIs as required dependencies.