API Key is Sent To Server

Unsure if this is just a malicious application designed to do this or an honest mistake, but you are sending the apiKey to your backend (in the case of your hosted example) or the backend hosted by the user, not directly to Gemini endpoints from the user's local browser, either way probably not optimal for security/safety if this was unintentional.

The enhance_prompt call: 

<img width="1097" height="900" alt="Image" src="https://github.com/user-attachments/assets/90e58f11-5f0a-4f47-a1b8-efb2b79f06c2" />

<img width="1097" height="932" alt="Image" src="https://github.com/user-attachments/assets/601a7832-f030-4e02-b732-a77605487835" />


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

API Key is Sent To Server #1

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

API Key is Sent To Server #1

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions