gemini-websearch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs headless web searches via Gemini's google_web_search (see SKILL.md "Execute headless Gemini search" and scripts/search.py where it invokes the gemini CLI with /tool:google_web_search, parses the returned JSON, and uses that response text to validate/retry and make decisions), thus ingesting untrusted public web content that can materially influence subsequent actions.