anygen-storybook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill calls the public AnyGen API (www.anygen.io) via the prepare/create/get-messages endpoints (see scripts/anygen.py and the SKILL.md workflow) and explicitly requires using the 'reply' and 'suggested_task_params' returned by prepare as the prompt for subsequent create/send-message actions, so untrusted third-party responses can directly drive tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill makes runtime calls to AnyGen's API (e.g., https://www.anygen.io/v1/openapi/tasks/prepare and other https://www.anygen.io endpoints) to fetch suggested_task_params/reply which the agent is required to present and use as prompts, so remote content directly controls agent instructions and is a required dependency.