ai-sdk-core

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's tools-and-agents documentation (references/tools-and-agents.md and examples in SKILL.md) shows agent tools that fetch and ingest public web content (e.g., fetch("https://api.weather.com/…") and googleSearchRetrieval() for web search), and the model is expected to read and act on those tool results as part of its workflow, which could allow untrusted third‑party content to inject instructions indirectly.