llm-app-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's FunctionCallingAgent explicitly defines a "search_web" tool ("Search the web for current information") and the ReAct/FunctionCalling patterns show the agent invoking searches and consuming observations in its reasoning loop, so it clearly fetches and interprets untrusted public web content that can influence subsequent tool use and decisions.