ai-provider-anthropic-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports ingesting arbitrary URL images and documents (see SKILL.md "Vision (base64 images, URL images, PDFs/documents)" and examples/vision-documents.md where messages include image source: { type: "url", url: "https://..." }), meaning it can fetch and have the model read untrusted third‑party web content which could influence tool calls or subsequent actions.