pptx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md points to pptxgenjs.md for the "create from scratch" flow, and pptxgenjs.md explicitly shows adding images/backgrounds from arbitrary URLs (e.g., slide.addImage({ path: "https://example.com/image.jpg" }) and slide.background = { path: "https://example.com/bg.jpg" }), so the skill can fetch untrusted public web content that will be embedded and inspected as part of the authoring/QA workflow.