noise2blog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to fetch arbitrary URLs ("If input is a URL: Fetch the page content using WebFetch") and to embed that raw page content into the Gemini request (Step 5), so the agent reads and acts on untrusted public web content that could carry indirect prompt injections.