ag2-add-custom-tool

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md shows LLM-facing tools that fetch arbitrary URLs (e.g., the async fetch(url) example using aiohttp in SKILL.md and the fetch/Inject examples in references/dependency_injection.md that return r.text()), meaning the agent can ingest untrusted public web content which could influence its subsequent decisions and tool use.