claude-agent-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes a check_ui tool that calls take_screenshot(args["url"]) and "return[s] screenshot to agent for evaluation", meaning the agent fetches and ingests arbitrary public URLs (untrusted third-party content) as part of its workflow.