gemini-interactions-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports Google Search and URL context ingestion (see "Tool orchestration" in the Overview and the Data Model entries for google_search_call / url_context_call) and the Deep Research agent/background research workflows that read web results, which means the agent will fetch and interpret open/public third-party web content that could contain untrusted, user-generated instructions.