livekit-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching and injecting external/public content (e.g., references/logic-and-structure.md "External data & RAG" and Agent Builder/HTTP tools / MCPServerHTTP('https://...')) into the agent's turn context before LLM generation, meaning untrusted third‑party webpages/APIs can be read and materially influence tool use and replies.