gemini-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs using the Gemini CLI Google-search grounding ("Step 2") to fetch and ingest web search results and URLs from public sites, which are untrusted third-party sources that the agent must read and use to form its responses, enabling potential indirect prompt injection.