publish-to-pages

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly downloads public Google Slides via curl in the "Google Slides" step of SKILL.md (curl to https://docs.google.com/presentation/.../export/pptx) and then runs scripts (scripts/convert-pptx.py and convert-pdf.py) that parse and interpret slide/text content and publish the generated HTML to GitHub Pages, so untrusted, user-generated third‑party content is fetched and processed as part of the workflow and could influence outputs or subsequent actions.