CORE

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflows explicitly direct the agent to perform web research and scraping (see workflows/context-loading-rules.md: "Research & Information Gathering" → use gemini-researcher, and the "Advanced Web Scraping" section), and gemini-researcher is documented as using the Gemini CLI for independent web access, so the agent will fetch and interpret untrusted public web/user-generated content that can influence subsequent actions.