fda-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to query and process data from the public openFDA API (open.fda.gov) — including adverse event reports, recalls, and free-text fields — which are public/user-submitted third-party content that the agent reads and uses to drive analyses and decisions, so it could enable indirect prompt injection.