pptx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's tutorial and workflow explicitly allow and document adding images/backgrounds from arbitrary URLs (see pptxgenjs.md "Image Sources" with slide.addImage({ path: "https://example.com/image.jpg\" }) and slide.background = { path: "https://example.com/bg.jpg" }) and SKILL.md directs use of pptxgenjs for creating slides plus the QA steps ask subagents to "Read and analyze these images", so the agent may fetch and interpret untrusted third‑party web content that can influence editing and verification actions.