thesys-generative-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly implements a web_search tool (tools.ts / executeWebSearch) that calls the TavilySearchAPIClient to fetch search results (titles, URLs, snippets) from arbitrary public websites and then feeds those results back into the LLM/workflow (see the tool-calling API route), so it ingests untrusted third‑party user-generated web content for interpretation.