ts-agent-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes generic HTTP clients that fetch and return data from arbitrary external URLs (templates/api/base.ts request + templates/api/webhook.ts WebhookClient.get/post) and also directly calls public third‑party APIs (templates/api/public/holidays.ts calling the Nager.Date API), so the agent can ingest untrusted, user-controlled web content which it will read/interpret as part of its workflows.