agent-sandbox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required install and test steps explicitly fetch public manifests and repos (e.g., "kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/${VERSION}/manifest.yaml" and "git clone https://github.com/kubernetes-sigs/agent-sandbox") and the SKILL also documents runtime patterns where the sandbox runtime pulls signed bundles from object storage (pattern: signed bundle URL), so the agent's workflow clearly ingests untrusted, user-hosted third‑party content that can materially change runtime behavior.