thesys-generative-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes a web_search tool (e.g., templates/nextjs/tool-calling-route.ts and references/tool-calling.md / tools.ts) that calls the Tavily web search API and returns public web results/snippets to the LLM, so it clearly ingests untrusted, user-generated third‑party content which the agent reads and uses in its workflow.