developing-with-ai-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md's "Provider Tools" section explicitly lists WebSearch and WebFetch as agent tools (e.g., return [(new WebSearch)->max(5)->allow(['laravel.com']), new WebFetch, ...]), indicating the agent can search/fetch public web content (untrusted third‑party/user‑generated pages) which the agent is expected to read and use in its workflow.