openrouter-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's workflow and templates explicitly instruct using public URLs for images and PDFs (SKILL.md step 6 and references/requests-and-responses.md) and the Express/Next.js proxy routes accept and forward those public assets to OpenRouter for parsing—meaning the agent will ingest untrusted, user-provided web-hosted content which the model can interpret and return structured outputs or tool_calls that materially influence subsequent actions.