sap-article-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs web research via the web_search tool and downloads/embeds images from arbitrary web URLs using scripts/fetch_image.py and fetch_images_batch.py (e.g., "web_search" calls and the image URL lists in SKILL.md), which ingests untrusted public third‑party content (blogs, forums, public sites) that the agent must read/interpret during article generation.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (low risk: 0.30). The skill instructs running shell commands that install Python packages using the --break-system-packages flag and executing local scripts that download files into host paths, which can alter the host environment and bypass package protections even though it does not request sudo, modify system config files, or create users.