thesys-generative-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's tool-calling workflow explicitly performs web searches and ingests public search results (e.g., web_searchTool using TavilySearchAPIClient in templates/nextjs/tool-calling-route.ts and the references/tool-calling.md), returning those untrusted third‑party/web contents into the LLM conversation stream where they can influence subsequent tool use and decisions.