gs-advanced-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 2 explicitly navigates to the public Google Scholar URL (https://scholar.google.com/scholar?... ) and Step 3's evaluate_script scrapes titles, snippets, authors and links from that live public site so the agent ingests untrusted third‑party webpage content which can influence its reported results and subsequent actions.