firebase-ai-logic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly includes a "features/grounding.md" that connects Gemini to real-time Google Search (and references function-calling and file-upload features that ingest external URLs), so the agent is expected to fetch and read open/public web content which is untrusted/user-generated.