gemini-api-2026

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly documents and requires the URL Context tool and examples that fetch and read arbitrary public URLs (e.g., SKILL.md "URL Context (New Tool)" with the example "Summarize https://example.com/doc.pdf" and the "URL Context — Extended" section in references/tools-and-agents.md), which causes the agent to ingest untrusted third-party web content that can influence responses and subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a Batch API example that at runtime reads external input from gs://bucket/requests.jsonl (client.batches.create(..., src="gs://bucket/requests.jsonl")), meaning remote JSONL is fetched and directly supplies the model requests/prompts, so this is a runtime external dependency that controls agent prompts.