baoyu-danger-gemini-web
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill fetches and parses live responses from gemini.google.com (scripts/gemini-webapi/client.ts and utils/get-access-token.ts) and then downloads or otherwise uses URLs returned in those responses (scripts/gemini-webapi/types/image.ts and scripts/main.ts). Because those responses can carry untrusted third-party content from the public web, that content is ingested by the skill and can influence subsequent actions, such as which image URLs are downloaded and how a chat session is continued.
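As an added illustration of the mitigation a reviewer would look for on the download side of this finding (this is example code, not code from the baoyu-danger-gemini-web skill or from Snyk), the TypeScript below treats every URL extracted from a gemini.google.com response as attacker-influenced data: a URL is fetched only if it is https, carries no embedded credentials and points at an allowlisted host, and each redirect hop is re-checked against the same rules. The allowlist contents, the function names, the `Fetcher` interface and the sample URLs are assumptions made for the example; the hosts Gemini actually serves images from must be confirmed against the skill's own code (scripts/gemini-webapi/types/image.ts and scripts/main.ts).

```typescript
// Added illustration for finding W011; not code from the audited skill.
// URLs parsed out of a gemini.google.com response are treated as untrusted
// and are only fetched if they pass an explicit allowlist, before and after
// any redirect.

// Assumed allowlist: the real set of image hosts is not stated on the audit
// page and has to be verified against the skill's own code.
const ALLOWED_IMAGE_HOSTS: ReadonlySet<string> = new Set([
  "lh3.googleusercontent.com",
  "gemini.google.com",
]);

interface UrlCheck {
  ok: boolean;
  reason: string;
}

// Structural validation: parseable, https only, no user:pass@, host on the allowlist.
function checkImageUrl(raw: string, allowed: ReadonlySet<string> = ALLOWED_IMAGE_HOSTS): UrlCheck {
  let url: URL;
  try {
    url = new URL(raw);
  } catch (e) {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "credentials embedded in URL" };
  }
  if (!allowed.has(url.hostname.toLowerCase())) {
    return { ok: false, reason: `host ${url.hostname} not allowlisted` };
  }
  return { ok: true, reason: "https to allowlisted host" };
}

// Resolves a Location header against the current URL and re-validates it, so an
// allowlisted host cannot bounce the client to an arbitrary one.
function nextHop(current: string, location: string | null,
  allowed: ReadonlySet<string> = ALLOWED_IMAGE_HOSTS): string {
  if (location === null) throw new Error("redirect without Location header");
  const target = new URL(location, current).toString(); // handles relative redirects
  const check = checkImageUrl(target, allowed);
  if (!check.ok) throw new Error(`refusing redirect to ${target}: ${check.reason}`);
  return target;
}

// Minimal fetch-like interface (assumed shape) so the downloader can be driven
// by a fake offline; the global fetch satisfies it at runtime.
interface MinimalResponse {
  status: number;
  headers: { get(name: string): string | null };
  arrayBuffer(): Promise<ArrayBuffer>;
}
type Fetcher = (url: string, init: { redirect: "manual" }) => Promise<MinimalResponse>;

// Follows at most maxHops redirects manually, validating every hop.
async function downloadImage(raw: string, fetcher: Fetcher, maxHops = 3,
  allowed: ReadonlySet<string> = ALLOWED_IMAGE_HOSTS): Promise<ArrayBuffer> {
  const first = checkImageUrl(raw, allowed);
  if (!first.ok) throw new Error(`refusing ${raw}: ${first.reason}`);
  let current = raw;
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = await fetcher(current, { redirect: "manual" });
    if (res.status >= 300 && res.status < 400) {
      current = nextHop(current, res.headers.get("location"), allowed);
      continue;
    }
    if (res.status !== 200) throw new Error(`unexpected status ${res.status} for ${current}`);
    return res.arrayBuffer();
  }
  throw new Error(`too many redirects starting from ${raw}`);
}

// Constructed sample: URLs as they might be extracted from a parsed response,
// including injected entries of the kind untrusted web content could carry.
const SAMPLE_RESPONSE_URLS: readonly string[] = [
  "https://lh3.googleusercontent.com/a/example=s0", // only this one may be fetched
  "http://lh3.googleusercontent.com/a/example",     // downgraded scheme
  "https://evil.example/collect?token=abc",         // off-host exfiltration target
  "https://user:pw@lh3.googleusercontent.com/x",    // embedded credentials
  "javascript:alert(1)",                            // non-http scheme
];

// Splits candidate URLs into those safe to fetch and those to drop (and log).
function partitionUrls(urls: readonly string[],
  allowed: ReadonlySet<string> = ALLOWED_IMAGE_HOSTS): { accepted: string[]; rejected: string[] } {
  const accepted: string[] = [];
  const rejected: string[] = [];
  for (const u of urls) {
    (checkImageUrl(u, allowed).ok ? accepted : rejected).push(u);
  }
  return { accepted, rejected };
}
```

The allowlist bounds only the download side effect named in the finding. The other effect it names, chat session continuation, is not addressed by URL filtering: text returned from gemini.google.com has to be handled as data rather than as instructions for the next step, and the session-continuation logic in scripts/main.ts should be reviewed separately for that.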
Audit Metadata