claude-agent-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly exposes tools that fetch and act on arbitrary public web content — e.g., the WebSearch/WebFetch tools in references/built-in-tools.md and the browser automation flows in references/browser-control.md (agent-browser open, snapshots, and Chrome-extension actions) — and multiple workflows (Research Agent, subagents using WebSearch/WebFetch) show the agent reading and acting on third-party pages, so untrusted web content can materially influence tool use and decisions.