gemini-document-processing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation and examples (e.g., references/gemini-document-processing-report.md and references/code-examples.md) explicitly fetch PDFs from arbitrary public URLs (httpx.get/wget examples, NASA and discovery.ucl links) and feed those untrusted third‑party documents into the model for summarization/Q&A, meaning the agent ingests and acts on external web content that could contain indirect prompt injections.