google-agents-cli-eval

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching/reading external ADK docs (e.g., "For the official evaluation documentation, fetch these pages: https://adk.dev/evaluate/index.md" and a raw GitHub URL https://raw.githubusercontent.com/google/adk-docs/main/docs/evaluate/criteria.md), which are public third-party web pages the agent would consume and that could materially influence evaluation configuration and tool-choice, enabling indirect prompt injection risk.