baoyu-danger-gemini-web

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill makes HTTP requests to public Gemini/Google endpoints (e.g., Endpoint.BATCH_EXEC and GENERATE at https://gemini.google.com used by GemMixin.fetch_gems and GeminiClient.generate_content, and fetch_google_extra_cookies/load_browser_cookies calling https://www.google.com and related services), and it parses/uses returned custom "gems" and model candidate text/images as part of its workflow—meaning untrusted, potentially user-generated content from the open web is ingested and can directly influence subsequent generation/choices (e.g., gem prompts and ModelOutput candidates are applied to requests and decision logic in generate_content and ChatSession).