gemini-system

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md and references/lib-research-task.md) explicitly instructs Gemini to use Google Search and fetch public web sources (official docs, GitHub READMEs/issues/discussions, Stack Overflow, blog posts, arbitrary URLs) and to ingest and save those findings for downstream use (e.g., documentation and Codex), so untrusted, user-generated content can be read and materially influence agent behavior.