eye-color-changer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and ingests external image URLs in SKILL.md (e.g., the image_urls field in the Quick Start and examples) and its SSE docs (references/SSE-EVENTS.md) show web_search_query/web_search_citations events that return and are used in responses, meaning untrusted third-party content can be fetched and influence the agent's behavior.