baoyu-danger-gemini-web

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and parses responses from public Gemini/Google endpoints (e.g., Endpoint.GENERATE at https://gemini.google.com/...StreamGenerate used in scripts/gemini-webapi/client.ts and invoked from scripts/main.ts via GeminiClient.generate_content/chat.send_message), and it consumes that untrusted third-party output (candidate.text/thoughts, web/generated images, gem data) as part of its workflow and decision-making (chat state, chosen candidate, image downloads), so third-party content can materially influence subsequent actions.