oma-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's prompt-tips.md explicitly instructs the agent to fetch and internalize README sections from public GitHub repos via gh api ("External Prompt Libraries" in resources/prompt-tips.md), which are untrusted, user-generated third-party files the agent reads and uses to compose generation prompts—allowing those external contents to materially influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs agents to fetch README content at runtime from the external GitHub prompt library (e.g. https://github.com/YouMind-OpenLab/awesome-nano-banana-pro-prompts via the shown gh api ... | base64 -d command), and that fetched text is used to shape/amplify the model prompts, so it is a runtime external dependency that directly controls prompt content.