gemini-image

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). It tells the agent to read the API key from config/secrets.md and use it verbatim in a curl Authorization header, which requires the model to handle/output the secret directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md step 2 and tips/image-upload.md) requires using arbitrary public image URLs uploaded to third-party hosts (e.g., litterbox.catbox.moe, catbox.moe) which the agent will fetch and interpret as part of generation, exposing it to untrusted user-hosted content that could carry embedded instructions or influence behavior.