gemini-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill’s documentation (SKILL.md and references/api_documentation.md) explicitly lists web-facing tools—e.g., the Web Fetch tool (web_fetch) and web search (google_web_search) and describes that the Gemini model may call these tools to fetch arbitrary URLs/search results and incorporate their outputs into subsequent model reasoning (see “How to use Gemini CLI tools” and “These tools can fetch content from URLs”), which means untrusted public web content can be ingested and materially influence tool use and decisions.