code-to-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill accepts and sends arbitrary user-provided HTML (including references to external CDNs/fonts) to the third-party endpoint https://html2png.dev/api/convert for rendering, so it ingests untrusted, user-generated third-party content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The example HTML that the skill sends at runtime to https://html2png.dev/api/convert includes , which will be fetched and executed by the remote renderer and therefore can execute remote code during skill runtime.