microsoft-agent-framework

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and ingests public web content (see reference/04-tools-functions.md's async fetch_url and reference/05-context-middleware.md's RAGContextProvider) and the IMPLEMENTATION_SUMMARY.md documents "URLs Fetched and Analyzed" including LinkedIn and GitHub, meaning untrusted third‑party content can be injected into agent context and materially influence decisions and tool use.