agent-card-templates

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill templates and examples (e.g., examples/data-analysis-agent.md and templates/streaming-agent-card.json / templates/multi-capability-agent-card.json) explicitly accept and process arbitrary public URLs such as dataset.sourceUrl, trainingData.sourceUrl, documentUrl, imageUrl, streamSource/sources and webhook/callback URLs, meaning the agent will fetch and interpret untrusted, third‑party content as part of its workflow.