gemini

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly ingests untrusted public content — e.g., SKILL.md and README state "YouTube Analysis" and "Google Search grounding is automatic," and webapi.py appends a provided --youtube URL to the model prompt (and triggers web grounding), meaning arbitrary web/YouTube content will be read and can influence model behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The install script (install.js) downloads executable skill files from https://raw.githubusercontent.com/nicobailon/gemini-multimodal/main (e.g., webapi.py) and those fetched scripts are executed as the skill, meaning remote content directly supplies the agent's runtime code and prompt-handling logic.