aws-cloudformation-bedrock

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill configures web data sources (e.g., Example 3's WebDataSource with DataSourceConfiguration.WebConfiguration.SourceUrl "https://docs.example.com") and RAG knowledge bases that the Bedrock agents and flows query, meaning the agent ingests and reads public/untrusted website content as part of its workflow, enabling indirect prompt injection.