azure-ai-projects-ts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows creating agents with a "web_search_preview" tool (and references connections that can point to external targets in references/connections.md), which means the agent can fetch and interpret open/public web content and external connection endpoints (untrusted third-party sources) as part of its runtime workflow, enabling indirect prompt injection.