ai-sdk-core

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's tool-calling examples explicitly fetch and ingest data from public third-party URLs (for example, the weather tool's execute() uses fetch("https://api.weather.com/${location}") in the "Tool Calling & Agents" section), and those tool results are consumed by agents/generateText flows to produce responses, so the agent will read/interpret untrusted external content that could enable indirect prompt injection.