nano-banana-2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly documents an "enable_web_search" web-grounding option and notes that the RunComfy model server fetches external image/mask/video URLs (and integrates fresh web info), meaning the model ingests untrusted public web content as part of normal workflow (see "Web-grounded" example and "Security & Privacy" section).