nsfc-schematic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill can call external Gemini/Nano Banana image APIs (see scripts/nano_banana_client.py and the GEMINI_BASE_URL/.env settings) to fetch PNG outputs which the host AI is explicitly required to read from the ai closed-loop evidence package (output_dir/.nsfc-schematic/ai/.../ai_pack_round_*/schematic.png and nano_banana_prompt.md) and whose content and prompts feed the ai_critic workflow that determines subsequent actions, so untrusted third‑party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's Nano Banana/Gemini PNG-only mode will at runtime call the GEMINI_BASE_URL (default example https://generativelanguage.googleapis.com/v1beta and potentially a third‑party proxy like https://xingjiabiapi.org/v1 if configured) to perform model inference (remote code execution) and that external API is required for that rendering mode, so this is a runtime external dependency that executes remote code.