noise2blog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests arbitrary public webpages ("If input is a URL: Fetch the page content using WebFetch" in SKILL.md Step 2) and also uses external Tavily search results (Step 4) as required verification sources that the agent must read and act on to generate or change output, so untrusted third-party content can materially influence the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill fetches user-provided web pages at runtime (e.g., https://example-engineering-blog.com/article) using WebFetch and injects the extracted page text directly into the Gemini request payload, so externally hosted content can directly control the model prompt and output.