Agent Workflow Builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill defines a "researcher" agent that uses tools named web_search and read_document, and the agent loop appends tool results to the LLM messages (response.tool_calls -> messages.append({"role":"tool","content": result})), meaning the agent will fetch and read open/web or user-provided documents and thus ingest untrusted third-party content.