agents-langchain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's RAG and agent workflows (SKILL.md and references/rag.md / references/integration.md) explicitly show using WebBaseLoader, web search tools (DuckDuckGoSearchRun, WikipediaQueryRun) and retriever tools to load and feed arbitrary public web pages/URLs into agents, meaning untrusted third‑party content is ingested and used to influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill example shows WebBaseLoader loading https://docs.python.org/3/tutorial/ at runtime and then injecting those fetched documents into the RAG/retrieval context used by the LLM, meaning remote content can directly control the model's prompts/inputs.