tooluniverse-custom-tool
Warn
Audited by Snyk on Mar 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow instructs adding tools that call arbitrary external HTTP endpoints (see JSON "fields.endpoint" and the Python examples using requests.get / urllib to "https://my-api.example.com/search" and similar URLs in SKILL.md and references), so the agent will ingest untrusted third-party responses that can influence its decisions and tool use.