nano-banana-pro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and processes arbitrary user-supplied third-party files (e.g., the "[Input PDF of Google's latest earnings report]" example and the --reference reference image inputs in the Prompting Guide/Usage), which the agent is expected to read/interpret as part of generating images, so untrusted content could carry indirect prompt-injection instructions.