genimg-gemini-web

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly fetches and parses responses from Gemini (e.g., GEMINI_STREAM_GENERATE_URL in scripts/client.ts and fetchGeminiAccessToken reading https://gemini.google.com/app) and executor logic in scripts/executor.ts uses the returned text/metadata/images (and extracted URLs) to decide follow-up actions like downloading images or videos, so untrusted third‑party content can materially influence behavior.