latest-software-version

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflow runs scripts/latest.js which fetches and parses live data from public, user-contributed registries and pages (e.g., registry.npmjs.org, pypi.org, proxy.golang.org, crates.io, rubygems.org, the GitHub API/readme, and external ai.google.dev docs) and instructs the agent to use the returned version/model strings in commands/configs, so untrusted third-party content can materially influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The script calls the external docs https://ai.google.dev/gemini-api/docs/models.md.txt and https://ai.google.dev/gemini-api/docs/image-generation.md.txt at runtime and parses their text to extract Gemini model IDs/brand names that are then used to select models/populate outputs, so remote content directly controls agent behavior.