portkey-python-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill clearly allows ingestion of untrusted third-party content: the Multimodal (Vision) example in references/ADVANCED_FEATURES.md demonstrates passing an image_url (an arbitrary public URL) for the model to analyze, meaning the agent will fetch and interpret external content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes a managed-prompts example (client.prompts.completions.create with prompt_id="pp-prompt-xxx"), which at runtime fetches prompt templates from the Portkey dashboard/backend (https://app.portkey.ai), so external content can directly control the agent's prompts.