valyu-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill's Search API and Contents API explicitly fetch and ingest public web and URL content (e.g., the Contents API's urls parameter and the Search API's web/all search types), so the agent will read untrusted third‑party content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly configures a remote MCP server URL (https://mcp.valyu.ai/mcp?valyuApiKey=your-valyu-api-key) that is called at runtime to provide tool outputs injected into the agent context, allowing external content to directly control prompts/tool responses.