eval-faq

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly requires the agent to "Fetch FIRST" and extract sections from public third‑party URLs (e.g., https://github.com/microsoft/ai-agent-eval-scenario-library, various MS Learn pages, and external blogs like eugeneyan.com and hamel.dev) and then use that fetched content to form its answer, so untrusted web content can directly influence decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent to fetch external documentation at runtime (e.g., https://github.com/microsoft/ai-agent-eval-scenario-library) and to extract those sections to drive answers, so that URL (and the other listed GitHub/MS Learn links) directly control prompts at runtime.