agents-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly includes experimental "Browse the web" tools (references/browse-the-web.md) that let agents search and navigate arbitrary public URLs (browser_search/browser_execute) and return scraped page content into the agent's tool loop, meaning untrusted web content can be ingested and influence model behavior.