MAL-2026-4751
Malicious code in glass-of-water (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (df79336313f71fac8158ff6f3e0160d0e99a8d1d84c452505fd3739af5838a69)

glass_of_water/__init__.py embeds 10 Google Gemini API keys (AIzaSy...), each split across five-part dictionaries and reassembled at runtime by _get_api_key() (L6-19). The split-and-reassemble pattern is a deliberate evasion of registry and secret scanners, which match on the contiguous key and never see it in the file. The exported water(prompt, ...) function unconditionally instantiates `genai.Client(api_key=api_key)` and calls `client.models.generate_content(model='gemini-flash-latest', contents=system_instruction + prompt)` (L36-41); there is no environment-variable override or opt-in path for caller-supplied credentials.

Two installer-relevant harms result:

1. Live third-party credentials are redistributed to every installer, who can extract them and abuse them against Google's Gemini API.
2. Any caller of water() silently routes their prompt content to a Google project owned by the author, where it is billed and logged under the author's account.

Author metadata is a placeholder (`Your Name <your.email@example.com>`) and the description is generic, consistent with a low-effort publish rather than a maintained utility.
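The fragment-and-reassemble trick above defeats a scanner that only greps the file for the key regex. The following is an added example, not code from the glass-of-water package or from the advisory source: it reparses a module with `ast`, rebuilds every dict, list/tuple and `+`-concatenation literal that consists entirely of string constants (for dicts, in both source order and key order, since a `_get_api_key()`-style helper normally joins by sorted key), and runs the Google API key pattern over each rebuilt value as well as over every plain string. The sample module, its `_PARTS`/`_ALT` names and the two 39-character keys are constructed for the example; the keys merely have the right shape and are not real credentials.

```python
import ast
import re

# Google API keys are 39 characters: "AIza" followed by 35 of [0-9A-Za-z_-].
GOOGLE_KEY_RE = re.compile(r"AIza[0-9A-Za-z_-]{35}")


def _str_const(node):
    """Return the value of a string-constant node, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None


def _fold_concat(node):
    """Fold 'a' + 'b' + 'c' (string constants only) into one string, else None."""
    s = _str_const(node)
    if s is not None:
        return s
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        left, right = _fold_concat(node.left), _fold_concat(node.right)
        if left is not None and right is not None:
            return left + right
    return None


def _reassembled(node):
    """Yield (how, text) for every way this literal could be glued back together."""
    s = _str_const(node)
    if s is not None:
        yield "plain", s
    elif isinstance(node, (ast.List, ast.Tuple)):
        parts = [_str_const(e) for e in node.elts]
        if parts and None not in parts:
            yield "sequence", "".join(parts)
    elif isinstance(node, ast.Dict):
        vals = [_str_const(v) for v in node.values]
        if vals and None not in vals:
            # Fragments in the order they appear in the file ...
            yield "dict", "".join(vals)
            # ... and in key order, which is how a reassembly helper typically joins them.
            keys = [k.value if isinstance(k, ast.Constant) else None for k in node.keys]
            if None not in keys:
                try:
                    yield "dict", "".join(v for _, v in sorted(zip(keys, vals)))
                except TypeError:  # keys of mixed types cannot be ordered
                    pass
    elif isinstance(node, ast.BinOp):
        folded = _fold_concat(node)
        if folded is not None:
            yield "concat", folded


def find_split_keys(source):
    """Return sorted (how, key) pairs for every Google API key found in the source,
    whether stored whole or only recoverable by reassembling a literal."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        for how, text in _reassembled(node):
            for m in GOOGLE_KEY_RE.finditer(text):
                found.add((how, m.group()))
    return sorted(found)


# Constructed sample module modelled on the pattern in the advisory. The dict
# is written out of key order so a naive source-order join does not match;
# both keys are fake and the helper name is hypothetical.
SAMPLE = '''
_PARTS = {"p4": "12345678", "p1": "AIzaSyEX", "p5": "9abcdef",
          "p3": "KE_KEY_0", "p2": "AMPLE_FA"}
_ALT = "AIzaSyCON" + "CAT_FAKE_KEY_" + "9876543210zyxwvut"

def _get_api_key():
    return "".join(_PARTS[k] for k in sorted(_PARTS))
'''

if __name__ == "__main__":
    for how, key in find_split_keys(SAMPLE):
        print(f"{how:8s} {key}")
```

Running the scanner over a downloaded wheel or sdist (`pip download --no-deps <pkg>` and unpacking it, then feeding each `.py` file to `find_split_keys`) catches this particular evasion; it does not catch keys decoded from base64 or fetched over the network, which a reviewer still has to look for by hand.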
Affected packages
No fixed version published yet for glass-of-water (pip). Pin to a known-safe version or switch to an alternative.