gemini-image

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill tells the agent to read a secrets file and construct curl requests that include API keys/Bearer tokens in headers (e.g., x-goog-api-key / Authorization: Bearer), which requires inserting secret values verbatim into generated output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and fetches remote image URLs and proxy API responses as runtime inputs (see SKILL.md Steps 3 and 5 and the proxy settings in config/secrets.example.md), treating those untrusted third‑party resources as image inputs that the agent decodes and uses to drive generation/editing, so arbitrary external content can influence tool behavior.