ppt-master
Warn
Audited by Snyk on May 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests arbitrary web pages (Step 1: "Web link → python3 ${SKILL_DIR}/scripts/source_to_md/web_to_md.py ") and the topic-research workflow gathers web sources; those converted third‑party Markdown sources are then read by Strategist/Executor and directly drive design_spec.md, spec_lock.md, image acquisition, and SVG generation, so untrusted public content can materially influence agent decisions and actions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata