gemini-delegation-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Execution Patterns (Pattern 2: "Sandboxed Execution") explicitly calls out running "npm install for unknown packages" and executing user-provided scripts, which involves fetching and ingesting untrusted public third‑party package/content that the agent would execute or analyze and could thereby influence subsequent actions.