baoyu-danger-gemini-web

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill fetches and parses live content from gemini.google.com (scripts/gemini-webapi/client.ts extracts candidate text and web image URLs) and then downloads/uses those external images/outputs (scripts/gemini-webapi/types/image.ts and scripts/main.ts save and act on the returned URLs/content), so it clearly ingests untrusted third‑party web content that can influence subsequent actions.