image-editor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly accepts arbitrary image_urls (URLs of images to edit) and includes an enable_web_search option ("Grounds editing in current web data"), so the agent will fetch and interpret untrusted third-party web content as part of its editing workflow, which could allow indirect prompt injection.