gemini-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CI/GitHub/GitLab integrations and headless examples explicitly read and pass repository diffs and PR/MR content (e.g., "git diff origin/... > diff.txt" and the GitHub Action/GitLab job that runs gemini on pull request/merge request diffs), which are untrusted, user-generated third-party content that the agent ingests for review.