gg

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes performing real-time web searches with Google Gemini and returning source URLs (e.g., "perform real-time web searches" and use --source/--source-detail to include URLs), meaning the agent fetches and ingests open/public web content that could contain untrusted, user-generated instructions affecting its outputs.