agents-towards-production

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md includes a web_search_agent that calls the Tavily real-time web search API and injects search result URLs and page "content" into the prompt passed to the LLM (and also references Bright Data scraping), which clearly ingests untrusted public web content that the agent reads and uses to drive responses.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The web_search_agent uses the TavilyClient to fetch arbitrary external web pages and then injects those search results (the external source URLs returned in search_results, i.e., r['url']) directly into the model prompt at runtime, so external URLs returned by Tavily are runtime-controlled content that can directly influence prompts.