roboflow-inference

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's docs and workflow examples show the agent accepting and running workflows on external image inputs (Workflows SDK code: images can be local paths, base64, or "https://..." URLs) and ingesting batches from cloud-storage / signed-URL references (batch-staging.md), which the agent is expected to process and whose outputs (counts, branch decisions, OCR results, etc.) can materially influence subsequent tool use and actions — therefore it clearly consumes untrusted third‑party content that can affect behavior.