google-image-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill uses the Google Custom Search API (see scripts/api.py & references) to fetch image results (titles, URLs, context links) from the open web and then feeds those untrusted third‑party titles/URLs/metadata (and can download the linked images via scripts/download.py) into the LLM selection flow (llm_select.run_llm_selection), clearly exposing the agent to arbitrary public user-generated/untrusted content.