gemini

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly enables "grounding" and "real-time data fetching" and says you can "send an image URL with text for analysis" (Key Capabilities / Usage Patterns), which means the agent will fetch and interpret arbitrary third-party content (e.g., public URLs/user-provided images) that can influence subsequent behavior.