spring-ai-alibaba-dev-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — the skill explicitly ingests untrusted public content (e.g., DeepResearchService uses SourceType.WEB/NEWS in SKILL.md and SKILL_APPENDIX, SKILL_BUILT_IN_NODES.md defines HttpNode and McpNode/fetch servers) so the agent is expected to fetch and interpret arbitrary third‑party web resources that can influence tool calls and next actions.