using-gemini

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs calling the Gemini CLI to perform "web search" and to run gemini -p (e.g., "Ask Gemini to search for current information"), which means the agent will ingest and act on untrusted public web/search results returned by a third-party service as part of its workflow.