nano-banana-pro-prompts-recommend-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly and mandatorily downloads and reads public community-sourced prompt JSON files from GitHub (BASE_URL https://raw.githubusercontent.com/YouMind-OpenLab/.../references in scripts/setup.js and the SKILL.md "Step 0: Auto-Update References") and fetches sample images from YouMind's CDN, so untrusted, user-generated content is ingested at runtime and used directly to select and remix prompts — creating a clear vector for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's setup.js (run at postinstall and on every invocation per the SKILL) fetches manifest.json and category JSON files from https://raw.githubusercontent.com/YouMind-OpenLab/nano-banana-pro-prompts-recommend-skill/main/references, and those downloaded JSON prompt files directly determine the prompts/instructions the agent serves, making this a required runtime dependency that controls agent behavior.