aod-sdk-python

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's end-to-end example and API surface explicitly allow passing arbitrary public URLs as session "resources" (e.g., a GitHub repo) and then consuming server/agent-produced runtime output via client.sessions.stream (event.extra["data"]), which indicates the agent will ingest and act on untrusted third-party content fetched from the open web.