openrouter-typescript-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly defines and uses a "web_search" tool in the "Complete Example: Agent with Tools" (and shows arbitrary image_url usage in multimodal examples) that instructs the agent to fetch and interpret open-web URLs/results as part of its workflow, allowing untrusted third-party content to influence tool calls, next-turn parameters, and final decisions.