nano-banana-2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill exposes the agent to untrusted third‑party content via its "enable_google_search" runtime option and example in SKILL.md (e.g., "With Google Search Grounding" / Input Options), which indicates the app will fetch and use real-time web search results to ground outputs and thus could allow indirect prompt injection from public web content.