tooluniverse-custom-tool

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's JSON-config and Python-class patterns (SKILL.md Option A and references/python-tool.md and references/json-tool.md) explicitly instruct tools to call arbitrary external endpoints (e.g., requests.get("https://my-api.example.com/search") and fields.endpoint in JSON), returning resp.json() that the agent reads and uses in its workflow, which exposes it to untrusted public third-party content that could carry indirect prompt-injection.