proactive-intelligence

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls a web search tool (search_tool.execute and WebSearchTool() in the ProactiveSearchAgent and analyze_with_proactive_intelligence) to fetch public web search results and injects those snippets/URLs into the agent's system prompt (knowledge_block) for integration into analysis, meaning untrusted third‑party webpages can directly influence the agent's decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The ProactiveSearchAgent calls search_tool.execute(query) at runtime and directly injects returned result snippets and their source URLs (r.get('url') from the WebSearchTool results) into the model's system prompt, so arbitrary external URLs returned by the search tool are used to control prompts.