wangyan-gemini-image-gen

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples and config that pass API keys as literal command-line arguments and top-level config fields (e.g., --api-key "sk-xxx" and "apiKey": "your-api-key"), which encourages the agent to accept and embed secret values verbatim in generated commands or files, creating exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Two entries are harmless example.com placeholders, but the astral.sh URL is a direct .sh installer (commonly fetched with curl | sh), which is a high‑risk distribution vector from a third‑party domain and should be inspected before running.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts arbitrary third-party API endpoints via --base-url / GEMINI_BASE_URL and explicitly parses their JSON responses (scripts/generate_image.py: generate_openai/_extract_image) and will download image URLs returned by those APIs using download_and_save (httpx.get), so untrusted external content from public providers can be ingested and directly drive runtime actions.