gemini-extension-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly supports installing extensions from GitHub or arbitrary URLs/local paths and treats extension-contained GEMINI.md files as runtime context/playbooks, meaning it fetches and interprets untrusted public third-party content (e.g., GitHub/public URLs) that could carry indirect prompt injection.