infographic-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's HTML resource loader explicitly fetches SVG assets from public third-party hosts (e.g., https://api.iconify.design/${data}.svg and raw.githubusercontent.com/.../undraw-svg-collection/${data}.svg) and loads that untrusted SVG content into the Infographic renderer, so arbitrary external/user-controlled SVGs are fetched and interpreted at runtime.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime HTML instructs loading and executing the remote JavaScript library https://unpkg.com/@antv/infographic@latest/dist/infographic.min.js (required for rendering), which executes remote code fetched at runtime.