ag2-multimodal-input

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly shows the agent ingesting arbitrary public URLs and user-hosted media (e.g., ImageInput("https://example.com/photo.jpg") and "Gemini — YouTube URLs work directly"), so the agent will fetch and interpret untrusted third‑party web content that can influence its outputs and actions.