gemini3-thought-signature-tool-use-fix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs and tests tool-bearing requests (e.g., "Tool use test: Send a message requiring tool use (e.g., 'read this URL: ...')") and references tools like web_fetch/browser in the runtime flow, meaning the agent will fetch and interpret arbitrary public URLs whose untrusted content can influence subsequent actions.