langgraph-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to use WebFetch to read the public documentation index at https://docs.langchain.com/llms.txt and to fetch 2–4 selected documentation pages (arbitrary public URLs), meaning the agent ingests external third-party web content that can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly uses WebFetch to load external documentation at runtime (starting with https://docs.langchain.com/llms.txt and then additional selected documentation URLs) and injects that fetched content to control responses and include code examples, making the external URL(s) a runtime dependency that directly control prompts.