klisk-guide
Warn
Audited by Snyk on Feb 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly exposes the built-in WebSearch and FileSearch tools, which fetch web/search results and externally hosted files and pass them into the agent (see references/builtin_tools.md and the FileSearch upload-from-URL example). The Agent execution loop (references/api_reference.md) shows that tool results are fed back into the agent and can change subsequent actions, so untrusted public content can indirectly inject instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The built-in FileSearch example shows external documents being fetched at runtime (e.g., "https://example.com/report.pdf" via requests.get), which can then be uploaded into a vector store and directly control the agent's context/responses, so this is a high-risk runtime external dependency.