multi-model-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs running Gemini with Google Search grounding (e.g., "Phase 2: Gemini Discovery Execution" and commands like ./scripts/multi-model/delegate.sh gemini "Find existing solutions..."), which fetches public web/GitHub/search results that the agent reads, synthesizes, and uses to drive build-vs-buy decisions, thereby exposing it to untrusted third‑party content.