gemini-image

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill tells the agent to read an API key from config/secrets.md and insert it verbatim into a curl Authorization header, which requires the LLM to handle and output the secret directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Construct Prompt" instructions accept arbitrary public image URLs for image-to-image and multi-image reference (e.g., examples like "https://a.jpg https://b.jpg"), which means the agent/API will fetch and use untrusted third-party image content as part of its workflow and could be exposed to indirect prompt injection via that content.