gemini-image-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's common.py load_image() uses requests.get to fetch arbitrary http(s) URLs provided via CLI args (--input/--reference/--base/--logo in scripts/edit_image.py and scripts/logo_overlay.py), and those fetched, untrusted third‑party images are passed directly as contents to client.models.generate_content, so the agent ingests and interprets open web/user‑provided content.