langchain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's RAG and agent workflows explicitly load and ingest open web content (e.g., WebBaseLoader("https://...") in SKILL.md RAG section, Web page loaders, DuckDuckGoSearchRun/Tavily search tools, and risky_api_call that requests arbitrary endpoints) and then use those retrieved documents in RetrievalQA/agent retriever tools so untrusted third-party content can directly influence agent decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The example uses WebBaseLoader("https://docs.python.org/3/tutorial/") to fetch external web content at runtime which is then loaded into the retrieval/RAG pipeline and injected into model context (directly influencing prompts/outputs), so this URL is a runtime dependency that can control agent behavior.