typescript-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly shows agents fetching and ingesting external, potentially user-provided URLs (e.g., the fetchPage functionTool in rules/function-tools-execution.md that does fetch(url) and the context fetchDefinition examples in rules/context-fetchers-overview.md that call external APIs), which places untrusted third‑party content into agent prompts/context and can directly influence subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Yes — the skill includes runtime context fetchers that call external endpoints (e.g., https://api.example.com/users/${personalAgentHeaders.toTemplate('user_id')} and https://api.example.com/conversations/${chatHeaders.toTemplate('x-conversation-id')}) whose returned data is embedded into agent prompts/system context and therefore directly controls agent behavior at runtime.