asset-collection

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs downloading assets from open/public sites (e.g., Unsplash, Pexels, Pixabay, Wikipedia and company newsrooms) and includes curl scripts and URL construction that fetches untrusted, user-generated web content as part of the asset-collection workflow, so third-party content could influence selection/usage decisions.