nano-banana-2
Fail
Audited by Snyk on Mar 5, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to paste a Google API key, stores it in a config file, and provides curl/command templates that embed the key (or substitute it directly) into requests and outputs, so the LLM must handle the secret and may output it verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill enables "web search grounding" (documented in SKILL.md under "Web Search Grounding" and shown in the API call examples via the tools parameter [{"googleSearch": {}}]). This causes the agent to fetch and use open web search results (untrusted third-party content) as part of the image-generation workflow, so indirect prompt injection in those results could influence generation and subsequent actions.