agents-best-practices-harness-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly lists a "web-search" skill in the skillIndex and shows progressive-disclosure code (if userNeedsWebSearch → loadSkill("web-search")) and also documents including retrieved_docs in the model context, which indicates the agent will fetch and ingest public web documents (untrusted third-party content) into its workflow and decision inputs.