gemini-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly uses "Google Search grounding" and "Web content analysis with source attribution" and returns/feeds "sources" (URLs) into agent memory, meaning the agent fetches and interprets open web pages/URLs (untrusted third‑party content) as part of its workflow, enabling indirect prompt injection risk.