dspy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes examples that call external web sources—e.g., the ReAct agent's search_wikipedia/search_web tools in references/examples.md and the RAG examples that use dspy.Retrieve (and ChromadbRM) to fetch passages—which are public/third-party content that the agent ingests and feeds into the model as context, exposing it to untrusted user-generated/open-web content.