gemini-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to perform web searches and fetch/read arbitrary web pages (e.g., "Web Tools" examples like "Fetch web content" and the "Advanced Patterns -> chain_operations" which searches for "React hooks best practices" and "Read the top 3 results"), so it ingests untrusted public third‑party content for interpretation.