gemini-deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill automates a Chrome CDP session to navigate gemini.google.com and programmatically extract and act on the Gemini "plan" and full markdown report (see "Automation Flow" — "Extract plan text", "Auto-confirm 'Start research'", and "Extract report"), so untrusted third-party content from Gemini is read and can drive subsequent actions.