banana

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (MANDATORY step to read references/gemini-models.md and references/prompt-engineering.md) explicitly instructs using Gemini's "Google Search grounding" / search‑grounded prompts (see references/gemini-models.md and references/prompt-engineering.md) which causes the agent to fetch and analyze open web/image search results and then act on that analysis to construct generation prompts, exposing it to untrusted third‑party web content that can materially influence subsequent tool calls and outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill config and setup explicitly invoke an external MCP package via npx (MCP_PACKAGE="@ycse/nanobanana-mcp", documented at https://github.com/YCSE/nanobanana-mcp), which will download and execute remote code at runtime and is required for the skill's generate/edit tools to function.