google-gemini-file-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly shows using the googleSearch tool in runtime model calls (see "Error 11: Google Search and File Search Tools Are Mutually Exclusive" and the provided searchWeb() example) and also instructs the agent to query uploaded file stores (fileSearch), meaning the agent can fetch and interpret untrusted public web search results and user-provided documents which can materially influence subsequent tool use and actions.