gemini-cli-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs scraping and ingesting public documentation from https://geminicli.com/llms.txt (see "Scrape All Documentation" and the Execution Pattern commands), which the agent is required to read/parse into an index that directly influences searches, extraction, drift-detection, and subsequent actions—exposing it to untrusted third‑party web content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs scripts like "python .../scrape_docs.py --llms-txt https://geminicli.com/llms.txt" at runtime to fetch and load llms.txt (and the docs it references) which become the scraped content injected into the agent's context, so https://geminicli.com/llms.txt directly controls what is fetched and used as prompt/context and is a required runtime dependency.