A risk where untrusted tool outputs (e.g., web content, search results, emails) introduce malicious instructions or data that affect subsequent model behavior. This is closely related to indirect prompt injection in tool-enabled systems.
See: Indirect prompt injection; Prompt injection; Tool calling (function calling)