ai-elements

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation and examples (references/agent.md) explicitly include a readUrl and webSearch tool that read and parse arbitrary URLs from the open web, meaning the agent is expected to ingest untrusted, user-provided third-party content that can influence tool execution and subsequent decisions.