canghe-danger-gemini-web

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and parses live responses from public Gemini endpoints (see Endpoint.GENERATE / BATCH_EXEC in scripts/gemini-webapi/constants.ts and the network/response handling in scripts/gemini-webapi/client.ts), including candidate text and web/generated image URLs (e.g., googleusercontent links) which scripts/main.ts then interprets and uses to drive saved outputs, sessions, and follow-up chat actions—so untrusted third-party content is ingested and can influence subsequent behavior.