claude-agent-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly exposes Claude agents to arbitrary public web content via built-in tools "WebSearch" and "WebFetch" (listed in SKILL.md) and shows examples of custom tools and MCP HTTP/SSE servers fetching arbitrary URLs (references/custom-tools.md and MCP server examples), and those fetched results are fed back into the agent loop and used to drive subsequent tool calls and decisions.