research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 2 "Systematic Information Gathering" explicitly instructs running web searches (via a gemini bash command or fallback WebSearch) and loading/analyzing GitHub repositories and other web sources, meaning the agent fetches and interprets open/public third‑party content as part of its workflow (SKILL.md, "Search Strategy" and "Deep Content Analysis"), which can materially influence subsequent actions and is therefore exposed to indirect prompt injection risk.