ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows runtime behaviors that fetch and ingest arbitrary external URLs (e.g., the example @ai.tool fetch(url: str), use of ai.file_part(url), and ai.mcp.get_http_tools("https://mcp.example.com/mcp")), and those tool results are merged back into agent messages, meaning untrusted third‑party content can influence the agent's subsequent decisions and tool use.