axiom-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Tool protocol and examples (e.g., GetFactTool / GetWeatherTool and the "Tool Calling Flow" in skills/foundation-models.md and foundation-models-ref.md) explicitly instruct creating tools that fetch data from external/public APIs (Wikipedia, news APIs, "any custom API") whose outputs are inserted into the session transcript and autonomously consumed by the model, enabling untrusted third‑party content to influence subsequent decisions.