python-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SDK explicitly enables agents to fetch and interpret open web content—e.g., the RAG pattern uses an app_tool "tavily/search-assistant@latest" for "Search the web", internal_tools().web_search(True), references/files.md "Working with URLs" (allowing arbitrary remote URLs), and sessions/browser-automation that navigate supplied URLs—so untrusted third-party content can be ingested and read by the agent, enabling indirect prompt injection.