adk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports ingesting public website content and arbitrary URLs (see "adk kb sync" Source Types: "Website
• Pages from sitemap or URLs" in cli.md and the Files API's upload-from-URL example and client.searchFiles usage), and those knowledge/files are used in AI execution (execute/searchFiles/knowledge) so the agent will read and interpret untrusted third-party content.