devonthink

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports fetching external web content via the create_from_url command (shown in SKILL.md and references/examples.md) and includes AI-analysis commands like ask_ai_about_documents and create_summary_document that would ingest and act on those fetched/public documents, so untrusted third-party page content could influence agent behavior.