nano-banana-image-editor
Fail
Audited by Snyk on Feb 23, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt instructs the user to run a setup script with the API key passed directly on the command line (e.g., setup-gemini-token.py YOUR_API_KEY). This requires embedding the raw secret in commands or outputs and therefore risks its verbatim exposure or exfiltration.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly enables Google Search grounding (see SKILL.md and the --search flag of create_image.py/edit_image.py), and scripts/gemini_image.py adds a "google_search" tool to the model config, so the agent ingests open web search results (untrusted third-party content) that can materially influence generation and actions.
Audit Metadata