baoyu-gemini-web

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill directly fetches and parses responses from the public Gemini web service (e.g., fetchGeminiAccessToken contacting https://gemini.google.com/app and runGeminiWebOnce / parseGeminiStreamGenerateResponse reading Gemini output) and downloads media URLs found in those responses (e.g., googleusercontent.com/gg-dl/ and image_generation_content URLs), thereby ingesting third-party public content that could contain untrusted or user-originated instructions.