nanobanana-image-gen

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts arbitrary image URLs (SKILL.md "Ensure the input image is accessible (local file or URL)" and scripts/generate_image.py which "if the input is a URL from any domain, the script downloads and re-uploads to Replicate"), so it fetches untrusted third‑party content (public URLs) that the model ingests and which can materially influence generation behavior and downstream actions.