tw-edu-slides-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts user-provided URLs and Step 2.5 states "網頁 URL | WebFetch 抓取正文後分析", meaning it fetches arbitrary web pages and uses that untrusted content to produce the structured /tmp/slides_content.json which directly drives slide generation, so third-party content can change the agent's actions.