depth-map-generation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md examples show it fetches arbitrary image_urls (public URLs) and the SSE-EVENTS.md explicitly documents web_search_query / web_search_citations flows, so the agent ingests untrusted third‑party web content (images and search results) as part of its workflow which can materially influence its actions.