gemini-vision

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's analyze-image.py explicitly downloads arbitrary http/https URLs (requests.get in scripts/analyze-image.py) and sends those untrusted, third-party images to the Gemini model (and the repo's examples/best-practices show using model outputs in follow-up prompts and parsing responses into actions like bounding-box parsing or further requests), so remote user-generated content can materially influence subsequent prompts and tool-driven behavior.