blog-google

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from public third‑party sources — e.g., PageSpeed/CrUX for arbitrary URLs, YouTube Data API (video descriptions/tags/comments) via "/blog google youtube ", Cloud Natural Language on user-provided URLs/text via "/blog google nlp ", and Search Console data via "/blog google gsc" — and those untrusted, user-generated or public sources are read and used by workflows (blog-rewrite, blog-write, blog-audit, reports) to drive analysis and subsequent actions, so third‑party content could materially influence tool behavior (see SKILL.md commands and scripts like crux_history.py, gsc_inspect.py, and google_report.py).