cloudbase-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly supports fetching and consuming arbitrary third‑party web content (e.g., py/references/tools.md defines an HttpTool for arbitrary URLs, adapter-langgraph.md and the "Providing Tools via API"/recipes examples show a "search_web" tool and passing tools via the public send-message API), and tool results are fed back into the agent workflow (ToolCallingAgent/adapter examples), so untrusted public content can influence agent decisions and tool usage.