telegraph-publisher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and parses content from external public services—notably it reads manifests and asset metadata from a configured GitHub repo via the GitHub API (see scripts/github_delete_page_assets.sh and scripts/github_upload.sh) and downloads rendered diagram images from public servers (plantuml.com / mermaid.ink via scripts/render_diagram.sh)—and then uses that data to decide and perform actions (uploads/deletions), so untrusted third‑party content can materially influence behavior.