typescript-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's docs explicitly show agents using context fetchers and function/MCP tools to fetch arbitrary external URLs and API responses (see rules/context-fetchers-overview.md for fetchDefinition that embeds external API responses into the agent's system prompt and rules/function-tools-execution.md for the fetch-page function tool that fetches raw HTML), meaning untrusted third‑party content is ingested and becomes part of the agent's working context and decision-making.