agent-protocol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests and processes arbitrary event payloads that explicitly include public web content (e.g., docs/INTEGRATION.md and examples show web-search-plus publishing search results with "url" and "snippet", and workflow_engine.py/subscriptions (scripts/workflow_engine.py and scripts/subscribe.py) read those events, substitute payload fields and pass them to agents/handlers), so it clearly consumes untrusted third‑party/user-generated content as part of runtime workflows.