anygen-deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill sends user prompts and uploaded files to the external AnyGen API (www.anygen.io) and explicitly requires the agent to read and present the AnyGen "reply" and "suggested_task_params" from the prepare API (SKILL.md and scripts/anygen.py) and then use that returned prompt to create tasks, so untrusted third‑party responses can directly influence subsequent tool use and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime API calls to https://www.anygen.io (API_BASE) and the prepare/create endpoints return suggested_task_params/prompts that the agent is required to use (and the skill requires an ANYGEN_API_KEY), so external content at https://www.anygen.io directly controls the agent's prompts during execution.