banana

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly documents and supports "Google Search grounding" / search-grounded generation (see references/gemini-models.md and references/prompt-engineering.md) and the MCP/tooling (mcp-tools.md) shows a googleSearch tool, meaning the agent can fetch and analyze live public web/image search results and use them to drive prompt construction and image generation—exposing it to untrusted third-party content that can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill configures and runs an external MCP package via npx (package @ycse/nanobanana-mcp / GitHub: https://github.com/YCSE/nanobanana-mcp) which will be fetched and executed at runtime to accept and forward image-generation prompts, so remote code is executed and directly mediates prompt handling.