sandbox-service

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The sandbox runs user-provided code and its trusted_mode explicitly "允许访问 ... 网络" (allows network access), so code executed by the agent can fetch/read arbitrary public third‑party content (URLs, social media, etc.) whose results are returned to the agent via stdout, enabling indirect prompt injection.