chainlit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes examples that fetch and ingest open/public third-party content (e.g., the "Web Search" step calling web_search, the RAG/search_documents pattern that inserts retrieved document content into LLM prompts, and Elements like Image/Audio from arbitrary URLs) which are untrusted/user-generated sources and are shown being read/interpreted as part of the workflow, enabling indirect prompt injection.