serpapi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to query SerpApi (public search engine results) via the Membrane actions workflow in SKILL.md (e.g., "Search using a natural language description..." and "The result is in the output field of the response"), which clearly fetches untrusted third‑party web content that the agent is expected to read and act on, allowing that content to influence subsequent tool use.