gemini-researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's templates and runtime logic (e.g., DEEP_TEMPLATE, SUMMARY_TEMPLATE, NEWS_TEMPLATE, LINKS_TEMPLATE and the cmd_extract handler in bin/gemini-researcher) explicitly instruct Gemini to perform Google searches and to summarize or extract content from arbitrary public URLs, so the agent will ingest untrusted public web content that can materially influence its outputs and actions.