thesys-generative-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes explicit web-search tool examples that fetch and ingest public web content (e.g., templates/nextjs/tool-calling-route.ts and tools.ts use a Tavily web_search to return titles/snippets/URLs from the open web which are then fed back to the LLM or rendered by C1), so it clearly consumes untrusted third-party user-generated/open-web content that the agent reads and interprets.