rivetkit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's docs explicitly show ingesting and deploying untrusted user-generated code and arbitrary external URLs (see reference/actors/ai-and-user-generated-actors.md which programmatically deploys user-generated actor code to sandboxed namespaces, and the Workflows example that processes queue messages by fetching arbitrary URLs), so third-party content can be read/interpreted and can materially change runtime behavior.