openai-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's instructions explicitly require the agent to fetch and ingest content from public third‑party sources (e.g., the weather.gov example in references/actions/getting-started.md and numerous guides on using external APIs, Google Drive/Snowflake, and the file_search/vector_store flows that index user-uploaded or externally sourced files), and that retrieved untrusted content is used by the agent to drive API calls and responses, so it can materially influence tool use and behavior.