face-morphing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly accepts arbitrary external image URLs as inputs (see the numerous image_urls examples) and the included references/SSE-EVENTS.md documents web_search_query/web_search_citations events, showing the agent will fetch and ingest untrusted third‑party web content that can be used to drive tool use and decisions.