ag-ui-protocol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The documentation and examples show the agent fetching and ingesting open/public third‑party content as part of runtime flows (e.g., the weatherTool uses fetch to https://api.open-meteo.com, HttpAgent connects to arbitrary URLs like https://your-agent-endpoint.com/agent, and multimodal user messages can include external image/URL content), so the agent would read/interpret untrusted public content in its workflow.