google-gemini-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Grounding with Google Search" section (e.g., examples using config: { tools: [{ googleSearch: {} }] } and response.candidates[0].groundingMetadata.webPages) shows the agent automatically fetches and ingests open web pages and uses those search results (URLs/snippets) to drive decisions and function calls, exposing it to untrusted third‑party content that could carry indirect prompt injections.