poly-pizza-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs the agent to call the public Poly Pizza API (https://api.poly.pizza/v1/ search, model, and popular endpoints) and to read model metadata fields (Title, Description, Creator/PURL, Tags) and CDN Download URLs returned by user-contributed models, so untrusted, user-generated content from the open web is ingested and used to choose, name, attribute, and download assets—allowing those fields to influence agent decisions and subsequent actions.