claude-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to WebFetch live docs (SKILL.md "When to Use WebFetch" / shared/live-sources.md), documents server-side WebSearch/WebFetch tools (e.g., C#, Go, cURL tool lists) and shows mounting public GitHub repositories and external MCP servers in Managed Agents (curl/managed-agents.md, go/managed-agents/README.md), so the agent will fetch and interpret untrusted third-party web/user-generated content that can drive tool calls and subsequent actions.