gemini-reference

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md's Capabilities section explicitly lists an MCP server "brave-search: Web search (Brave)" and the docs mention enabling MCP servers via --allowed-mcp-server-names, which shows the agent can perform web searches and ingest public/untrusted web content that could influence subsequent tool calls and actions.