nano-banana

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows fetching and using arbitrary external content — e.g., the "Image Editing (with input image)" example and the images input option accept external image URLs, and the "With Google Search Grounding" example/enable_google_search option indicates the app will ingest web search results — so untrusted third‑party content can be read and influence generation.