gemini-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required lookup workflow explicitly fetches live public documentation (e.g., https://raw.githubusercontent.com/googleapis/js-genai/refs/heads/main/codegen_instructions.md and https://ai.google.dev/gemini-api/docs/{topic}) and then reads and synthesizes those pages into code and SDK recommendations, so third‑party web content can directly influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches the raw GitHub file https://raw.githubusercontent.com/googleapis/js-genai/refs/heads/main/codegen_instructions.md at runtime to obtain "always-current SDK patterns" which are injected into the agent's synthesis step and therefore directly control the agent's prompt/instruction generation.