gemini-image
Fail
Audited by Snyk on Mar 5, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt includes explicit commands that embed plaintext credentials (e.g., camofox type e1 "email@gmail.com" and camofox type e2 "password") and instructs the agent to input them directly rather than exclusively using a secure vault, creating a risk that the LLM would handle or emit secret values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill's workflow explicitly opens and snapshots third-party web pages (gemini.google.com and accounts.google.com) and instructs the agent to read page text/selectors (e.g., checking for "Sign in"/greeting, waiting for the download button) to decide authentication, generation success, and next actions, which exposes it to untrusted third-party content that could influence behavior (SKILL.md sections 2-5, Authentication Flow, and Image Generation).