data-manager-api-audience-ingestion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill’s runtime workflow can fetch and ingest Google developer documentation text (Markdown) from developers.google.com via the “Markdown equivalent … appending .md.txt to the URL” directive, which is outsider-authored public web content that becomes LLM-readable context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent/user to fetch and install utility libraries from GitHub at runtime (e.g., git clone https://github.com/googleads/data-manager-python.git and similar repos), which downloads remote code and runs build/install steps that execute that remote code and are required dependencies.