letta

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation explicitly instructs creating agents with built-in tools that fetch and ingest open web content (e.g., "Built-in Tools" and "Create agent with both web_search and archival_memory tools" in SKILL.md and references/api_sdk.md), showing agents will perform web_search/fetch-webpage and run_code (web scraping/API calls) and then use those results in reasoning and tool calls — meaning untrusted third-party content is read and can influence agent actions.