bigquery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on external, potentially untrusted third-party content—e.g., loading data from arbitrary gs:// Cloud Storage URIs and running an MCP HTTP/stdio server that accepts external MCP requests (including with --enable-writes)—as described in SKILL.md, which can directly drive queries and write operations.