research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly performs web searches using a gemini bash command or a WebSearch tool and then reads third-party content (e.g., GitHub repos via docs-seeker and community resources like forums, Discord, and Stack Overflow), so it ingests untrusted public/web user-generated content that the agent will interpret during research.