style-transfer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts arbitrary external image URLs as inputs (see SKILL.md Quick Start and "Custom Reference Image Style" examples using image_urls) — and its SSE docs also show web_search_query/web_search_citations events — so the agent fetches and interprets untrusted third-party content that can materially influence generation behavior.