gr-blog-post

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 4: "问句必须是用户真实搜索句（从 GSC / People also ask 抓）") instructs the agent to fetch and ingest public SERP/user search queries from Google Search Console / "People also ask", and those externally sourced, user-generated queries are read and used to generate FAQ schema and guide writing, exposing the agent to untrusted third‑party content that could influence actions.