google-agents-cli-scaffold

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly allows using remote, arbitrary Git repositories as templates (flags.md: the --agent flag accepts a "remote Git URL") and the scaffold workflow instructs loading and using template files/guidance (e.g., guidance filenames like GEMINI.md) which the CLI will ingest and use to generate/drive agent behavior, so untrusted third-party content can materially influence subsequent tool use and actions.