adk-deploy-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's references/event-driven.md explicitly shows Pub/Sub, Eventarc, Cloud Storage, and BigQuery trigger handlers that decode external/base64/JSON message data and call _run_agent(...)—meaning the agent ingests and interprets untrusted, potentially user-generated event payloads as part of its workflow, which can materially influence its actions.