gemini

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts and commands clearly open and read external web pages (e.g., youtube-transcribe.ts and transcribe-full.ts accept arbitrary YouTube URLs and send/receive content, and inspect-gemini.ts and get-response.ts call get_html/get_text to parse tab HTML), so the agent ingests untrusted public third‑party content that can influence subsequent actions.