nano-banana-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill accepts and processes arbitrary user-provided prompts and uploaded images (e.g., IterativeEditor sends imageBase64 and editPrompt to /api/edit, ImageGenerator/useChat posts user prompts to /api/generate, and gallery/components render externally-sourced image URLs), which the agent reads and interprets as part of its workflow—exposing it to untrusted third-party content.