photo-restoration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md examples clearly show the agent fetching and ingesting images from arbitrary external URLs via the "image_urls" parameter (e.g., Quick Start and Use Case curl examples), meaning untrusted, third-party content is read and used to drive restoration decisions and subsequent tool actions.