azure-ai-formrecognizer-java

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md demonstrates runtime ingestion of arbitrary external content (e.g., client.beginAnalyzeDocumentFromUrl("prebuilt-invoice", documentUrl) and adminClient.beginBuildDocumentModel(blobContainerUrl, ...)) which fetches documents from public URLs or blob SAS URLs and the agent directly analyzes/uses that content for field extraction and classification, allowing untrusted third‑party content to influence behavior.