ag2-use-builtin-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill (SKILL.md and references/builtin_tools_matrix.md) explicitly includes WebSearchTool/WebFetchTool, DuckDuckSearchTool, ExaToolkit, TavilySearchTool and SkillsToolkit which fetch content from public websites, search results, arbitrary URLs and the skills.sh/GitHub registries — untrusted third‑party content the agent is expected to ingest and act on.