Create Google Gemini API Key Check

[mestizo]

PR Information

When the Gemini API (Generative Language API) is enabled on a Google Cloud project, existing API keys in that project can silently gain access to sensitive Gemini endpoints. When you create a new API key in Google Cloud, it defaults to "Unrestricted," meaning it's immediately valid for every enabled API in the project, including Gemini.

• References: https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

Template validation

• Validated with a host running a vulnerable version and/or configuration (True Positive)
• Validated with a host running a patched version and/or configuration (avoid False Positive)

Additional Details (leave it blank if not applicable)

Additional References:

• Nuclei Template Creation Guideline
• Nuclei Template Matcher Guideline
• Nuclei Template Contribution Guideline
• PD-Community Discord server

[neo-by-projectdiscovery-dev]

Neo - Nuclei Template Review

No security issues found

3 issues fixed in this PR

Hardening Notes

• The matcher logic remains unchanged between commits - still uses '!contains(body, "error")' and redundant '!status_code == 403' check without positive validation of Gemini API response structure
• Template already has verified: true flag and lowercase severity as expected
• No positive response body validation added (e.g., checking for 'files', 'nextPageToken', or valid JSON structure from Gemini API)

_{Comment @pdneo help for available commands. · Open in Neo}