CORE

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly authorizes web access and scraping of public sites in its runtime workflows — e.g., SKILL.md's "Custom Agents" lists gemini-researcher that "uses Gemini CLI for independent web access", and workflows/context-loading-rules.md includes "Research & Information Gathering" and "Advanced Web Scraping" plus Playwright-based browser automation for capturing pages — meaning the agent will fetch and interpret untrusted third‑party web content as part of its workflow, creating a clear indirect prompt‑injection surface.