Unsure if this is just a malicious application designed to do this or an honest mistake, but you are sending the apiKey to your backend (in the case of your hosted example) or the backend hosted by the user, not directly to Gemini endpoints from the user's local browser, either way probably not optimal for security/safety if this was unintentional.
The enhance_prompt call:
Unsure if this is just a malicious application designed to do this or an honest mistake, but you are sending the apiKey to your backend (in the case of your hosted example) or the backend hosted by the user, not directly to Gemini endpoints from the user's local browser, either way probably not optimal for security/safety if this was unintentional.
The enhance_prompt call: