gemini-image
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill tells the agent to read an API key from config/secrets.md and insert it verbatim into a curl Authorization header, which requires the LLM to handle and output the secret directly.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill accepts arbitrary image URLs as part of prompts (see the "Image-to-Image" prompt format in SKILL.md) and explicitly recommends uploading to public hosts in tips/image-upload.md (e.g., litterbox.catbox.moe and catbox.moe), so the agent will ingest untrusted third-party content (public image URLs) as part of its workflow, enabling indirect prompt injection.