google-adk-python

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's docs and required agent examples show agents using built-in web tools and scrapers (e.g., references/tools-and-mcp-integration.md shows async fetch(url) using http_client.get and lists google_search; references/agent-types-and-architecture.md and references/multi-agent-and-a2a-protocol.md show agents with tools=[search, scraper] and remote agent_card URLs), which clearly fetch and ingest untrusted public web content that will be read and can influence agent routing/decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The MCPToolset examples invoke npx to fetch and run remote npm packages at runtime (e.g., npx @modelcontextprotocol/server-filesystem / https://registry.npmjs.org/@modelcontextprotocol/server-filesystem and npx @modelcontextprotocol/server-git / https://registry.npmjs.org/@modelcontextprotocol/server-git), which will download and execute remote code as a required runtime dependency.