tool-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly shows examples where the agent ingests external content (e.g., the "Tool Use for Structured JSON Output" example includes a user message with an image source {"type":"url","url":"https://..."} and the "search_api"/document tool examples imply returning full document content), which means the agent can fetch and read arbitrary public URLs or third-party documents and thus consume untrusted, user-provided content as part of its workflow.