google-adk
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill includes examples that ingest open web and third-party data: fetch_external_data(url), which calls requests.get(url); Tool.from_openapi(spec_url="https://...") for loading OpenAPI specs; and built-in Search/news tools (Google Search API / news_sentiment_tool) whose output agents such as the researcher/market_analyzer are expected to read and synthesize. The skill therefore clearly consumes untrusted, public content as part of agent workflows.
Audit Metadata