google-hotels

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md and references/interaction-patterns.md explicitly instruct the agent to open and snapshot public Google Hotels pages and visit hotel websites/search results (e.g., "agent-browser ... open https://www.google.com/travel/search..." and the "Post-Search: Direct Booking & Deals" flow), ingesting untrusted third‑party web content which the skill parses and uses to influence follow-up actions such as price comparisons and checking promo codes.