baoyu-danger-gemini-web

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests responses from third‑party Gemini endpoints (e.g., scripts/gemini-webapi/constants.ts: Endpoint.GENERATE and scripts/gemini-webapi/client.ts: generate_content) and downloads web/generated images referenced in those responses, and the agent parses and acts on those responses in scripts/main.ts (choosing candidates, saving images, updating sessions), so untrusted third‑party content can materially influence tool use and next actions.