gemini

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs using Gemini's google_web_search and web_fetch tools (references/tools.md, references/templates.md, and SKILL.md) to fetch and summarize arbitrary public web pages and Google Search results, which the agent ingests and uses to drive follow-up actions, exposing it to untrusted third-party content that could contain indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill exposes a runtime web_fetch/google_web_search tool that fetches arbitrary URLs and injects their content into prompts (example usage: "gemini 'Fetch and summarize https://example.com/docs' -o text"), so external content can directly control the agent's instructions.