llm-app-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly defines and uses a "search_web" tool in the Function Calling section and shows a function_calling_loop that executes web search tool calls and injects their results into the LLM message stream, meaning the agent fetches and interprets untrusted public web content as part of its workflow (SKILL.md, "Function Calling" / function_calling_loop).