builtin-tool

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's authoring docs and required runtime examples (see ExecutionRuntime Pattern A in references/ExecutionRuntime/index.ts and the WebBrowsingExecutionRuntime/search example under "When ExecutionRuntime is the default home for logic" and "Pattern A: Inject a service interface") explicitly show the runtime calling an IWebBrowsingService.search/crawlPages that ingests external web search/crawl results and returns LLM-facing content, meaning untrusted public web pages can be read and influence agent decisions.