google-adk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly uses open web content and remote agent endpoints — e.g., tools like google_search in SKILL.md and the Python samples ("web_researcher" with tools=[google_search]) ingest web search results, and the A2A workflow/ references/a2a-protocol.md show consuming agent cards via arbitrary URLs (/.well-known/agent-card.json) — so untrusted third-party content is read and used to drive agent decisions.