javascript-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SDK documentation and agent patterns explicitly show agents fetching and using open web content — e.g., references/agent-patterns.md RAG pattern uses an appTool 'tavily/search-assistant' to "Search the web", references/tool-builder.md shows internalTools().webSearch(true), references/files.md permits using remote URLs (https://...) for inputs, and references/sessions.md demonstrates browser-automation visiting arbitrary URLs — so untrusted third-party content is ingested and can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill examples include a skills entry with an external URL (https://example.com/skills/api-docs.md) which is intended to be loaded as reusable agent context and therefore would be fetched at runtime and could directly control prompts if malicious.