llamaindex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests open web content via SimpleWebPageReader (see "Web pages" example web_reader.load_data(urls=[...]) in the Document Loading section) and then uses those documents in indexes/query engines and agent tools, meaning untrusted, user-generated third-party web content can be read and influence agent actions.