langchain-js

Warn

Audited by Snyk on Mar 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly demonstrates loading web pages with WebLoader('https://example.com') in the "Document Loading" section and then feeding those documents into the RAG workflow (MemoryVectorStore.fromDocuments and createRetrievalChain, with a prompt using {context}). The agent therefore ingests and bases responses on arbitrary public web content, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The RAG example uses WebLoader('https://example.com') to fetch webpage content at runtime and injects that content into the prompt/context ("Answer the question based only on the following context"), so external content from https://example.com can directly control model behavior.

Issues (2)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 07:53 AM
Issues: 2