dspy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill’s docs and workflow (SKILL.md and references/examples.md) define ReAct agents and tools like search_wikipedia that call wikipedia.summary and a search_web tool (public web) — i.e., the agent ingests public, user-contributed web content which it reads and uses to drive tool calls and subsequent decisions, creating a clear avenue for indirect prompt injection.