agentic-ai-developer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly describes agent loops that call read-only search and browser tools and warns about "web fetches" and RAG chunks as untrusted channels (see references/agent_loop_tools_and_mcp.md execution sandbox and references/security_and_production_deployment.md "Untrusted channels"), meaning the agent is expected to ingest open/public third‑party content (including tool return payloads) that can steer subsequent tool use and decisions.