agent-architect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md directing you to read references/ol-ai-services-map.md and references/tool-design-guidelines.md) describes runtime interop discovery and resolution of INTEROP/MCP/REST endpoints (interop_client.discover_tools(), ToolService.resolve_tools(), and loading tool schemas/descriptions into the agent context), which means the agent will ingest untrusted third‑party MCP/REST tool metadata and responses that can materially influence tool use and execution.