eachlabs-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md (Step 3: "Trigger the Workflow") and the examples in references/WORKFLOW-EXAMPLES.md explicitly accept arbitrary image_url / video_url / audio_url HTTP URLs (e.g., "https://example.com/product.jpg") which are fetched and fed into chained model steps, so untrusted third-party content is ingested and can influence subsequent workflow actions.