ap2-shopping-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This SKILL.md explicitly directs the agent to fetch live docs and web-search public sites (e.g., https://ap2-protocol.org/specification/ and site:github.com google-agentic-commerce sample code) and to read sample source code for implementation patterns, meaning the agent will ingest untrusted public third‑party content that can materially influence its decisions and behavior.