azure-ai-document-intelligence-ts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly shows analyzing documents via urlSource/documentUrl in sections like "Analyze Document (URL)", "Extract Invoice Fields", and "Classify Document", which causes the agent to fetch and interpret arbitrary public URLs (untrusted user-generated content) as part of its workflow and could therefore allow indirect prompt injection.