ai-agentic-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires the agent to call and display results from web fetches/web_search and other public GET endpoints (see references/agentic-patterns.md "Tool Use" snippet showing web_search and the permission-framework.md entry listing "Web fetch (GET)" as a read-only tool) and mandates using those external sources as inputs (references/checkpoint-primitives.md "Sources" and the Workflow), so untrusted public web content is ingested and can influence planning, tool selection, and subsequent actions.