ai-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs web research via the Gemini CLI using Google Search and accepts notebook URLs / uploaded documents in NotebookLM (e.g., the "Web Research" command and "Add Notebook" --url), which fetch and ingest arbitrary public web content and user-provided documents that the agent will read and interpret, exposing it to untrusted third-party content and potential indirect prompt injection.