vercel-open-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly exposes a "web" tool ("Fetch web content") and GitHub integration in the main workflow/tools sections of SKILL.md, which allow the agent to fetch and interpret arbitrary public web pages and repository content (untrusted, user-generated) as part of its runtime workflows and can therefore influence subsequent tool use and actions.