google-tagmanager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Custom Templates guidance and examples explicitly reference importing and using Community Template Gallery templates and executing/issuing requests to arbitrary external URLs (e.g., Community Template Gallery plus injectScript, sendHttpRequest, sendPixel examples in references/custom-templates.md), which are untrusted, user-provided third‑party resources the agent may be expected to load or interpret as part of workflows.