gemini-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and analyzes arbitrary public web content (e.g., "Analyze this documentation: @https://docs.example.com/api" and "Compare my implementation with: @https://github.com/example/repo", plus web_search/google_web_search tooling), so the agent will read untrusted third-party/user-generated content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill repeatedly encourages automated, auto-approved tool execution (--yolo) that creates/modifies files, installs packages globally (npm -g), restarts servers and manages MCP servers—actions that modify the host system state and can require elevated privileges—so it poses a high risk of compromising machine state.