agent-governance-toolkit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's examples and workflow explicitly wrap and call web-search tools (e.g., the LangChain example: Tool(name="Search", func=govern(search_tool, ...)", description="Search the web") and the Custom Agent Loop mapping "search": govern(search_web, ...)) and then feed tool results back into the agent prompt, which shows it ingests and acts on external/untrusted web content (also evidenced by policy rules matching external https:// destinations), so third-party pages can materially influence subsequent actions.