microsoft-foundry

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (foundry-agent/create/create.md Step 3–4) explicitly fetches and downloads sample code from the public GitHub API (https://api.github.com/repos/microsoft-foundry/foundry-samples/contents/...), and the skill also directs using public web search (WebSearchPreviewTool) and external MCP/toolbox endpoints, meaning the agent will read and act on open/public third‑party content that could carry untrusted instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The create workflow explicitly fetches sample code at runtime from GitHub (e.g., GET https://api.github.com/repos/microsoft-foundry/foundry-samples/contents/{sample_browse_path} and the associated .download_url/raw.githubusercontent.com files) and saves/uses that code as the agent project (which can be executed or determine agent prompts), so this is a runtime external dependency that can execute remote code.