personize

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs runtime use of external web search results (see "Multi-Step Orchestration with Responses" / the step with tools: ['web_search'] and the "Research the company Acme Corp. Find their industry and recent news" example) and even captures tool results into memory (capture_tool_results: true), which means the agent fetches and interprets untrusted public web/news content that can materially influence its outputs and next actions.