claude-agent-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly enables fetching and browsing of public web content — e.g., REFERENCE.md and resources/02-query-options.md list WebSearch/WebFetch as built-in tools and resources/07-mcp.md shows a "web scraping agent" using a Playwright MCP server and prompts that ask the agent to visit arbitrary URLs and extract information — so the agent will ingest untrusted third-party pages that can influence its actions.