quote-post

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required Step 3 asks the user to "Paste or describe the reference image you want to recreate" and explicitly cites public sources ("Pinterest, LinkedIn, or Google Images"), meaning the agent will ingest and interpret untrusted third-party images/pages as part of its workflow and use that content to generate the Gemini prompt and subsequent actions (Steps 3–4), enabling indirect prompt injection.