deno-sandbox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and executes untrusted, user-provided code (see runUserCode, executePlayground, and executeAgentTool which write user code to the sandbox and parse stdout/JSON), so outputs from arbitrary third‑party/user-generated code are read and returned to the agent and could influence subsequent actions.