meitu-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts arbitrary user-provided image/video URLs and prompt text which are passed to the external meitu CLI (e.g., fields like "image", "image_url", "video_url" in SKILL.md and commands-data.json) and it also directly parses JSON output from that third-party CLI (payload.action_url, payload.error_type, user_hint in scripts/lib/errors.js and scripts/run_command.js) to decide and present next actions, so untrusted third-party content can materially influence agent behavior.