creating-slides

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to run web_search and read_webpages_as_markdown (see "Web Content Retrieval" and "Complete Creation Workflow") and to use image_search/slide_images_content (which auto-downloads external image URLs) to ingest public webpages and user-generated images, and those retrieved pages/images are then used to decide slide content and tooling steps—exposing the agent to untrusted third‑party content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill mandates including and loading the Tailwind CDN script (https://cdn.tailwindcss.com/3.4.17) which is a required runtime dependency that returns and executes remote JavaScript when generated slides/pages are loaded (e.g., during the tool's page-check/browser load), so it can execute remote code in the agent runtime.