digital-twin-generation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md contains explicit examples that POST arbitrary external image_urls to the each::sense /chat endpoint (and the SSE docs show web_search_query/web_search_citations), so the agent ingests untrusted public web content (images and web search results) that can materially influence generation and subsequent tool actions.