agentic-rag-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly performs web search fallbacks via Tavily (see web_search in the CRAG workflow, WebSearcher/TavilyClient in scripts/crag-workflow.py and the web_search fallback in references), ingesting r["content"]/r["url"] from public web results into Document.page_content that are then used as generation context—thus exposing the agent to untrusted third-party web content that could carry indirect prompt injection.