javascript-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly enables agents to fetch and use web content — e.g., SKILL.md's Tool Builder API shows internalTools().webSearch(true) and the RAG pattern in references/agent-patterns.md defines an appTool('search','tavily/search-assistant@latest') and instructs agents to use it to gather and act on web information — so the agent will ingest untrusted public web content that can influence tool calls and decisions.