openrouter-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly describes fetching and ingesting open/public third-party content via the openrouter:web_search server tool and deprecated web plugin (references/web-search.md and plugins.md) and by accepting arbitrary file/image/video URLs (references/multimodal.md, e.g. 'https://bitcoin.org/bitcoin.pdf'), which are returned to and synthesized by the model as part of agent/tool workflows, exposing it to untrusted web content that can influence subsequent actions.