adk-agent-extension

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill config (adk_agent_list.json) and SKILL.md show the extension connects to user-configured ADK server URLs (e.g., "https://my-adk-server.example.com") and exposes tools like list_adks, create_session, and send_message_to_agent that ingest and act on responses from those external ADK servers, so arbitrary third‑party server content could influence agent behavior.