adk-rag-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's corpus setup (references/corpus-setup.md) explicitly allows importing documents from arbitrary URLs via rag.import_files (e.g., "https://example.com/doc.pdf"), and the agent's VertexAiRagRetrieval tool then retrieves and reads those documents to answer queries and produce citations, exposing the agent to untrusted third-party content.