firebase-vertex-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly reads public, user-generated Firestore documents (see firestore.rules: match /posts/{postId} allow read: if true) and the RAG implementation in functions/src/vertex/rag-query.ts concatenates those posts' title/content into prompts sent to Gemini, so untrusted third-party content is ingested and can materially influence model/tool behavior.