spine-animation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's pipeline (SKILL.md and scripts) explicitly sends user images to Google Gemini in split_character.py and ingests the generated atlas image from that third-party API (Gemini), which the agent then reads and uses to drive segmentation/positioning and downstream decisions, creating a pathway for indirectly injected content.