adk-agent-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to use web-scraping/search tools (e.g., LinkedInScraperTool, WebScraperTool, WebSearchTool) to fetch and analyze public LinkedIn profiles and web pages (see references/SKILL.full.md and SKILL.md examples and tests), meaning untrusted, user-generated third‑party content is ingested and directly influences the agent's think/act tool-selection loop and subsequent actions.