building-pydantic-ai-agents
Warn
Audited by Snyk on May 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly enables provider-native and provider-adaptive web access (e.g., WebSearch, WebFetch, WebSearchTool and duckduckgo_search_tool) in references/CAPABILITIES-AND-HOOKS.md, references/NATIVE-TOOLS.md, and references/TOOLS-CORE.md, so agents are expected to fetch and interpret open/public web content (search results and fetched URLs) which can materially influence decisions and tool use.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata