ian-gemini-web

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill sends prompts to and parses responses from the external Gemini web service (requests to https://gemini.google.com/_/... and fetching HTML from https://gemini.google.com/app) and downloads linked assets (e.g., googleusercontent.com URLs) which are third‑party content the agent reads and acts on as part of its workflow, allowing indirect injection via those responses or linked public resources.