claude-agent-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open-web and third‑party content — e.g., built-in WebSearch/WebFetch tools and external MCP servers (HTTP/SSE) and templates that call external APIs like the weatherServer fetch to https://api.weather.com and remote mcp URLs — and those results are consumed and interpreted by the agent as part of its workflows.