nano-banana-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly accepts arbitrary source image URLs (the "image_urls" parameter and the Image Editing workflow example POST /nano-banana/images with "image_urls": ["https://example.com/photo.jpg"]), so the agent will fetch and ingest untrusted third‑party images which could contain embedded text/instructions that materially influence editing behavior.