typst

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (see references/tool-routing.md and the SKILL.md "Auto-invoke Rules" / "MCP image generation workflow") explicitly auto-invokes /image-search and gemini-generate-image MCP to fetch or generate external images and asks the agent to inspect those previews and iteratively act on them, which means it ingests untrusted third‑party web/generated content that can influence subsequent tool use and decisions.