keyapi-google-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls KeyAPI's Google MCP (https://mcp.keyapi.ai/google/mcp) to fetch live web and image search results from public websites (see SKILL.md "web_search"/"image_search" and scripts/run.js) and explicitly instructs the agent to synthesize and act on those results, so untrusted third‑party page content can materially influence behavior.