image-gen-blockeden-gemini

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs fetching a user-provided URL ("If the user gives a URL, download it first with curl -L -o /tmp/ref_image.jpg \"<url>\""), and the runtime workflow (scripts/generate_image.py -> gemini_flash.py) then ingests that external, untrusted image as a reference that will influence image-generation behavior.