python-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly enables ingesting public web content — e.g., the RAG example using the "tavily/search-assistant@latest" app and internal_tools().web_search(True), the "Working with URLs" file examples that accept arbitrary https:// URLs, and the browser-automation/session examples that navigate to external sites — which means the agent can fetch and read untrusted, user-generated third-party content as part of its workflow.