Gemini refused a hack check but gave a security checklist

was asked to review a personal website’s contest tab and API to see whether someone could hack it to get extra likes. Gemini refused to perform that specific security sweep. Even after the goal was clarified as protecting the website, Gemini still said it could not analyze specific .

It then gave a practical list of areas to secure: , , , and IDOR prevention. In plain terms, Gemini would not point out exactly how the site might be attacked, but it did name the main weak spots a solo maker should check.

Key points

  • refused to inspect a specific website and API for hackable paths.
  • Clarifying that the goal was defense did not make it analyze specific .
  • It still listed key defenses: , , , and IDOR prevention.
  • For security help, a defensive checklist prompt may get more useful answers than an attack-focused prompt.
Read original