slidev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill documentation explicitly allows and documents loading/displaying arbitrary external content (e.g., remote images in rules/assets.md "Remote URLs work directly", iframe embeds in rules/layouts.md url: https://example.com, PlantUML using the public server in rules/diagrams.md, and third‑party embeds like and in rules/components.md and Google Fonts CDN), which means the agent could fetch and render untrusted third‑party content capable of carrying indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill documents that PlantUML "requires an external server" and defaults to the public renderer at https://www.plantuml.com/plantuml, which is invoked at runtime to render PlantUML source (i.e., remote processing/execution of user-supplied diagram code), so this external URL is a runtime dependency that executes remote code.