mistral-core-workflow-b

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's implementation (references/implementation.md and SKILL.md Step 5) defines a 'search_web' tool and a function-calling loop that executes tool calls and injects the tool result as a 'tool' message which the model will read and act on, meaning it ingests and acts upon arbitrary public web/search results (untrusted third‑party content).