create-headless-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill wires server-side web tools as defaults (see SKILL.md and sample/src/tools/index.ts which includes serverTool({ type: 'openrouter:web_fetch' }) and serverTool({ type: 'openrouter:web_search' })), and the agent loop (src/agent.ts) will ingest and act on those fetched web/search results, so it clearly fetches untrusted public web content that can influence subsequent tool calls and decisions.