python-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's docs and workflows explicitly enable ingesting and acting on open web content—e.g., internal_tools().web_search(True) and the RAG "search" app in references/agent-patterns.md, the browser-automation URL navigation in references/sessions.md, and "Working with URLs" in references/files.md—which cause the agent to fetch/read public URLs and use that untrusted content to influence tool calls and responses.