web-deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires executing Gemini CLI web searches ("Execute Gemini CLI searches for each subtopic" and the Execution pattern showing gemini -p "[SUBTOPIC_INSTRUCTION]") and ingesting findings/URLs from public web sources which are then read, compressed, and used to drive report-generation and follow-up actions, so it clearly consumes untrusted third-party content.